| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj81174 | Title: | unable to view pap information while debugging with customer |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: * | Symptom:
Show commands for pools are incomplete leading to inability to debug pool related issues in the field
Conditions:
This is a NAT related issue and only relevant with dynamic translations involving pools
Workaround:
This DDTS is needed in order to view complete pool state
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh91563 | Title: | ucode crash on unconfiguting nat in cgn mode with nbar |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: * | Symptom:
ucode crash seen on unconifugring nat with nbar
Conditions:
Seen during a script run
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb25758 | Title: | QPPB: Classification does not work |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: * | Symptom:
On the ASR1000 series, using QPPB to set qos-group and later match on qos-group does not work.
Conditions:
Using QPPB to set qos-group and later match on qos-group does not work.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtg65016 | Title: | CoPP causes drops of control packets (LCP echo request/reply) on ESP |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: * | Symptom:
Control Plane Policy configuration prevents ASR-1k to process LCP Echo Request on the ESP. As a result, no LCP echo reply is sent back to the dialin customer .
Conditions:
Now this problem is only observed for PPPoEoA session.
Workaround:
No
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XNF2, 15.0(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy96761 | Title: | Netfow: ESP reload during toggling of egress netflow with large config |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: * | Symptom:
Removing netflow from the last/only interface may cause
the ASR1000 series ESP board to reload.
Conditions:
The defect is due to a race condition between the QFP ager logic vs. the
code which processes the ager shutdown administrative action.
If the ager shutdown code executes while the periodic ager function is
executing, the ager function may reuse the timer structure which is
subsequently freed as part of the ager shutdown.
Workaround:
The timing window can be reduced to near 0 by taking the
following steps:
- Configure netflow on an interface X with no traffic
- Deconfigure netflow from all other interfaces
- Wait for all entries in the netflow cache to be aged out
- Then deconfigure netflow from the inactive interface X
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta04880 | Title: | CPP crashes on removal of tunnel protection profile from GRE interface |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: * | Basic Description
On the ASR1000 when running EoMPLSoGREoIPSec using an IPsec
protection profile on the GRE tunnel. If we unconfigure the IPsec profile from
the GRE tunnel interface and it is the last IPsec tunnel configured in the box,
ESP may reload.
Symptoms
This issue will cause all traffic being forwarded by ESP to be dropped and
the box will need to be reloaded for services to recover
Conditions
The problem can be seen if EoMPLS over GRE tunnel traffic is being
encrypted or decrypted on the ASR1000 with ESP20 with RP1.
The issue can also be seen with other type of config such as IPv6
IPsec SVTI config, EIGRP over DMVPN config.
This a pervasive issue and occurs frequently under common conditions
and configurations
Workaround
Configure a dummy IPsec tunnel with no peer. This way the in-use
IPsec tunnel will not be the last one to be removed in the box.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx63929 | Title: | FP reloads due to hardware Interrupt GTRMP_GTR_OTHER_LEAF_INT_INT_SDMA_V |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: * | Symptom:
ASR1000 FP reloads with a QFP fatal interrupt: GTRMP_GTR_OTHER_LEAF_INT_INT_SDMA_VITAL_SW_ERR .
Conditions:
ASR1000 FP reloads when IP virtual fragment reassembly (VFR) is enabled on interface(s) and fragmented packets are relatively large. This is normally caused by MTU of the VFR enabled interface in the range of 4608 to 9216. A ping to/from the above interface may cause the issue.
Workaround:
Configure VFR enabled interface's MTU value to be 4470 or less.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNB |
|
Known Fixed Releases: | 12.2(33)XNB3, 12.2(33)XNC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv86324 | Title: | IOS-XE voice gateway may crash while disabling SCCP |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
An IOS-XE running gateway may reload unexpectedly while disabling SCCP. The output of the "show version" command may display "Critical software exception" as the reload reason.
***Output shortened for brevity
------------------ show version ------------------
Cisco IOS XE Software, Version XX.XX.XX.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version XX.X(X)S, RELEASE
...
System returned to ROM by reload at --Timestamp--
System restarted at --Timestamp--
System image file is "bootflash:IOS_XE_filename.bin"
Last reload reason: Critical software exception, check bootflash:crashinfo_RP_00_00_20XXXXXX-XXXXXX-XXX
....
A core.gz and IOSd crashinfo file will be stored on the "bootflash" or "harddisk" depending on the model of the ASR.
Conditions:
The ASR must be running SCCP. Issuing the "no sccp" command will trigger the crash.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 05-DEC-2015 |
|
Known Affected Releases: | 15.4(3)S2.1 |
|
Known Fixed Releases: * | 15.6(0.17)PI30e, 15.6(0.19)S, 15.6(0.19)T, 15.6(1.6)S, 15.6(1.9)T0.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui17100 | Title: | ASR1K : Ucode Crash seen with cc_oir in EVC-EoMPLS setup |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
FP reloads with the corefile reporting a GIF_CSR32_GIF_LOGIC_ERR_LEAF_INT__INT_FBLK_CNT_LOW interrupt.
Conditions:
This issue only applies to ASR1002-X, ESP100 and ESP200. This crash occurs when the the amount of available
QFP packet buffer memory falls below 3% of the total available. This can only happen if there is a combination
of heavy traffic and a flood of control packets. An example action that could cause a flood of control packets
is an OIR of the carrier card when using a scaled EVC-EOMPLS configuration.
Workaround:
No workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui42826 | Title: | ASR1K: fman_fp crash while sending traffic with 1K tunnels and routemaps |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
fman_fp crash seen with 1K tunnels and routemaps
Conditions:
while sending traffic with 1K tunnels and routemaps with ipv6 ACL
Workaround:
No workaround
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(2)S2, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh27266 | Title: | ASR1K: No CPP core generated when FP crash |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
CPP core not generated when FP crash happen
Conditions:
Perform SPA OIR with Unicast/Multicast/Broadcast storm control on 32k EFPs
Workaround:
n/a
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj46330 | Title: | ucode crash seen on disabling nat64 flow entry |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Both ESP may crash
Conditions:
while disabling flow entries with running traffic
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul64664 | Title: | packets are leaked when VC goes down |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
After VC goes down, that packets are received on xconnect interface are leaked.
Conditions:
-when VC goes down
-Unicast packet with TTL>=2 are received on that xconnect interface
-When having the route for the destination of the unicast packets
Workaround:
-remove the route from the routing table
-apply an ACL to deny these leaked packets
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(2)S1, 15.3(2)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh87919 | Title: | PuntPerCausePolicerDrops seen on LISP router |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Seeing PuntPerCausePolicerDrops on sending traffic through LISP router.
Conditions:
No traffic drops associated
Workaround:
none
Further Problem Description:
none
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh88723 | Title: | Kingpin: PLIM Ingress classification doesn't work on Clearchannel-SPAs |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Plim Ingress classification doesn't work on Clearchannel-SPAs. High priority traffic will continue to be treated as normal traffic and flows in Low Priority queue.
Conditions:
With PLIM ingress classification, despite assigning "map ip dscp 16 - 31 queue strict-priority" traffic flows in Low Priority queue.
Workaround:
No work around
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj11722 | Title: | ESP Crash when executing 'show platform packet-trace packet all' |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ESP reload using packet-trace tool.
Conditions:
debug platform packet-trace enable
debug platform packet-trace packet 16
show platform packet-trace packet all
Workaround:
Display packets individually rather than all at once:
show platform packet-trace packet <0-8191>
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh80492 | Title: | RP2: kernel_rp_RP2 crash found on XE-310 image (06/27) |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: The system crashes and it causes a reload. Messages that can be seen on the console indicate there is a "NULL pointer dereference". For example:
BUG: unable to handle kernel NULL pointer dereference
This is followed by a stack trace.
Conditions: This symptom occurs due to lack of proper locking semantics on the variables controlling the IPC namespace.This crash is unlikely to occur in normal situations. The user will need to have shell access and then access a task file under /proc (for example: /proc/29208/ns/ipc) which gives stats on the IPC namespace.
Workaround: There is no workaround.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul67310 | Title: | SOR_CSR32_SOR_ERR_LEAF_INT__INT_SOR_OPF_GRANT_PTCL_UVFcauses ucode crash |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ASR1K microde crash with either of the following errors
SOR_CSR32_SOR_ERR_LEAF_INT__INT_SOR_OPF_GRANT_PTCL_UVF
OPF_CSR32_OPF_LOGIC_ERR_LEAF_INT__INT_START_OF_BURST_MARKER_ERR
Conditions:
This issue ONLY affects on ASR1002x and ASR1K RP2/ESP100 based platforms
running 15.2(4)S, 15.3(1)S, 15.3(2)S, 15.3(3)S, and 15.4(1)S based images.
This issue can occur on platforms with scaled sub-interface or broadband
session configurations when the number of sub-interfaces or sessions on a
interface is reduced from > 4000 to less than 4000 and moderate to heavy
traffic flow is occurring at the time that the sub-interface or session
count is reduced. If the the ASR1K is operating below this threshold or
above this threshold this issue is not seen.
Workaround:
None
Further Problem Description:
This issue is a result of a scheduling hierarchy restructuring issue when
the number of sessions is reduce such that we drop below this 4000
sub-interface or broadband session threshold on a interface. As indicated
above, if the sub-interface or broadband session count is below 4000 or
consistently above 4000 this issue should not be seen.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S1 |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul02786 | Title: | QoS traffic rate is off with fair-queue used in the child policy |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
The original issue fails silently and it is only detected via traffic or inspecting the hierarchy via the CLI, show plat hard qfp act feat qos que out int hier detail. The QoS rates are in accurate due to a bad hierarchy. Subsequent crashes and the issue that is documented in this DDTS were regression from the original fix intended to build the hierarchy on ESP-100 correctly.
All issues involved fair-queue in a flat or hierarchical policy when applied on the fly.
Conditions:
Applying fair-queue on the fly resulted in the bad hierarchy. As a result the provisioned services could not be guaranteed.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum49940 | Title: | ASR1k crash in H323v6 ALG NAT+FW with h323 debug command enabled |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
router is crashing while sending testing H323v6 ALG with NAT+FW configuration by enabling h323 debug commands
Conditions:
Crash is happening only when h323 debug commands applied
Workaround:
no workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul50570 | Title: | Ucode crash followed by cpp crash while scaling to 500 MLPoA bundles PTA |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A hardware interrupt causes service outage and a micro-code core will be generated. This condition puts the router in an inoperable state.
This issue would affect bundle interfaces such as MLPPP and GEC aggregate mode.
Conditions:
While processing dynamic reconfiguration events, one of the scheduling node is left in a committed but not forward state. When a flush packet is injected in a flush queue to complete the reconfiguration process, it causes a hardware interrupt when it traverses the node that was left in a non-forwarding state.
Workaround:
There is no known work around.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo02558 | Title: | Crash Executing 'show platform packet-trace packet all' |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Crash in cpp_cp_svr when executing 'show platform packet-trace packet all'.
Conditions:
Crash can only occur when executing 'show platform packet-trace packet all'.
Workaround:
Display a single packet at a time using 'show platform packet-trace packet ' instead of using 'all'.
Further Problem Description:
Problem is very difficult to reproduce as probability of hitting the issue is less than 0.1%.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui80961 | Title: | asr1K error message CPPDRV-4-ADRSPC_LIMIT |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:The output of the following command shows that the QM CPP DRAM increases but does not decrease when fair-queue is removed from a class before it is active in HW.
show plat hard qfp act inf exmem stat user | incl QM
Over time the system runs out resource DRAM causing subsequent configuration events that require CPP DRAM objects to fail.
The impact could be the system being unable to process new configuration events or the data plane being unable to allocate resource DRAM during packet processing.
Conditions:When fair-queue is removed from a class before it is activated in the hardware, the BQS RM was not freeing the WRED DRAM object used to store the fair-queue configuration. Over time, the system runs out of CPP resource DRAM. The error message described in the description is displayed and all configurations start failing.
This conditions impacts the whole system as opposed to just queueing features.
Workaround:None
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S2 |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum90841 | Title: | RSTP and MSTP looping issue on ASR1k |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Loop when running MST or RSTP on ASR1k
Conditions:
ASR1k running XE 3.10 with MST or RSTP configured.
Releases prior XE 3.10 are not affected.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj77998 | Title: | ESP200: All packets dropped after sequence number overflow |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: All packets that need to be encrypted may be dropped.
Conditions: This symptom occurs when traffic is flowing on an IPSec tunnel for a long duration without any rekey and the crypto sequence number overflows. It is observed only on Cisco ASR 1000 Series ESP 200.
Workaround: Have a shorter rekey interval.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui14753 | Title: | XE310: Named IP ACL does not work for Hash assignment. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Named IP ACL does not work for Hash assignment
Conditions:
Apply ip and acl configs on UUT
Workaround:
none
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum75385 | Title: | "sh platform hard qfp active datapath util" displays wrong data |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
"show platform hardware qfp active datapath utilization" displays wrong data.
When high priority traffic (ip precedence 6,7) is sent, the counters against "Input Non-Priority" rows increment.
When low priority traffic (ip precedence 0,1,2,3,4,5) is sent, the counters against "Input Priority" rows increment.
Conditions:
This can occur when using esp100.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S1, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq09004 | Title: | RP crashed with cpp_cp_svr crash in cpp_qm_event_insert_leaf_node |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
After upgrading the ASR to the latest 15.2(04)S and later 15.X releases the ASR1K started crashing. The trigger for this crash is when a flat QoS policy with fair-queue is applied to a frame-relay interface.
Conditions:
The trigger for this crash is the flat QoS policy with fair-queue applied to the frame-relay interface. In this case the two key components that together triggered this failure was the frame-relay plus the flat policy with fair-queue.
Workaround:
The workaround is a cosmetic change that will cause NO functional impact. The workaround is to convert this flat policy to a hierarchical policy with a parent shaper set to 100%.
policy-map PM_POS_PARENT
class class-default
shape average percent 100
service-policy PM_POS
!
interface POS0/1/0
no ip address
encapsulation frame-relay
load-interval 30
crc 32
pos scramble-atm
frame-relay lmi-type ansi
service-policy output PM_POS_PARENT hold-queue 4096 out
Further Problem Description:
This issue is specic to the ASR1K X platforms (ASR1002x, ASR1001x) and ASR1K with ESP100/ESP200.
This issue is not applicable to the older ASR1K platforms using ESP5/10/20/40 or non-X series ASR1002/1001 platforms.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S2.1 |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S4, 15.4(1)S3, 15.4(2)S2, 15.4(3)S0z, 15.4(3)S1, 15.5(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj52287 | Title: | ASR1k: ESP crash caused by BFD code defect in RLS3.10.0 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ESP crashed with error message:
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions:
The crash is caused by a defect in BFD though no BFD is configured on any interface
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj39901 | Title: | ASR Crash with CGN in the config |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Crash with "ip nat settings mode cgn" in teh config
Conditions:
None specifically
Workaround:
Reload after changing settings.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh85883 | Title: | MPLSSETVRF: BGP routes are not coming up and so the common_setup fails |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
mplssetvrf bgp routes are not coming up along with multi-vrf PBR
Conditions:
The destination address of the packet is ASR local address. Say, the packet is for us packet.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(2)S1 |
|
Known Fixed Releases: | 15.2(4)S4, 15.2(4)S4a, 15.3(2)S2, 15.3(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj46180 | Title: | XE310 GTP: echo request without private extension IE is dropped. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
echo request is dropped.
Conditions:
echo request without private extension IE
Workaround:
no
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.3(3)S7 |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo11035 | Title: | One way audio on some outgoing calls to PSTN across CUBE-SP. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
One way audio on some outgoing calls to PSTN across CUBE-SP.. This is seen for call flow scenarios involving forking and with multiple call legs for the same call going through the SBC
Conditions:
asr1k configured as CUBE SP SBC running IOS XE 3.10.1
Workaround:
none
Further Problem Description:
CUBE SP drops RTP stream in one direction for some call flow scenarios involving forking with the SBC terminating multiple call legs of the same call.
Call flow is following:
Signaling:
PBX-client --- PBX ---- SBC ---- Proxy -two forked calls---- SBC --- Cisco PGW2200 ----- SBC ----- Proxy ---- SBC --- PSTN operator
Media:
PBX-client - SBC - PSTN operator
Issue is that SBC forward the RTP to the PBX-Client, and PBX-Client sends RTP to the SBC, but SBC does not forward that RTP to the PSTN operator.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun79934 | Title: | IN/OUT_UNEXP_OCT_EXCEPTION debug message need incluse error cause |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
qfp ipsec debug message format changed
Conditions:
none
Workaround:
none
Further Problem Description:
none
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj19293 | Title: | Binds are seen after removing Static NAT mapping with route-map |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Bindings are present after inconfiguring Static NAT mappings
Conditions:
static NAT mappings with route-map
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun99766 | Title: | ASR 1002-X crashed while changing appnav WAAS configuration |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A router crashes while making changes to an AppNav policy map or a class map.
Conditions:
This symptom occurs under the following conditions:
- Multiple AppNav controllers are used.
- Sessions are created and can be seen using show service-insertion statistics sessions.
- AppNav policy map and class map is modified when live traffic is redirected by AppNav.
- Policy map or class map change results in a mismatch between AppNav controllers.
Workaround:
When using AppNav Controller Group with multiple ACs, avoid changing the policy map or class map when there are active sessions present (use show service-insertion statistics sessions).
Further Problem Description:
A crash occurs after a policy map or class map change results in changes to the existing session and subsequently a new connection matching this session is synced to the other ACs which are not aware of the new policy map or class map.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S0.3 |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S3, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui77173 | Title: | PPP Keepalives on MLPPPOA session are dropped during congestion |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Under certain traffic conditions, an MLPPPoA session may flap; causing traffic drops.
Conditions:
On a router running IOSXE, such as an ASR1000, a PVC that is congested in the egress direction may cause a link in an MLPPPoA bundle to flap. The reason for the flap may be due to missing Keepalives.
Workaround:
There are no known workarounds.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw57225 | Title: | PFRv2 not work well for 10% inbound load-balance |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Even if 10% inbound load-balance is configured, sometimes, inbound load difference becomes bigger than 10% for some period, say 30 min. And, if traffic load pattern is changed, sometimes inbound load oscillation and overshoot are observed.
Causing major impact in pfrv2 ingress and egress load-balancing.
Conditions:
"This symptoms were observed, when "max-range-utilization percent 10" or "max range receive percent 10" was configured with PfRv2.
Workaround:
no workaround
Further Problem Description:
|
|
Last Modified: | 12-DEC-2015 |
|
Known Affected Releases: | 15.2(2)S |
|
Known Fixed Releases: * | 15.6(1.17)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj58272 | Title: | BQS RM proc reparent crash during PPP eth session bring up in 1002x |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
The CP process crashes when reparenting more than 128 entries from one tree to the other. A reparenting event could be stimulated by either an internal or external event but this issue is more likely to caused by an internal reparenting.
An internal reparenting could occur when a leaf node is transformed into a hierarchy layer node or when de-aggregating an aggregation node after the schedule size is below the 4000 threshold.
Conditions:
When reparenting either a leaf or hierarchy layer entries, the resource manager was not clearing the counter that tracks the number of entries that need to be flushed after processing the first batch. This caused the code to run incorrectly to a point of completing the request prior to reprogramming the HW correctly. As a result some entries may be left in the source parent which cause a crash when the tree is freed before it is empty.
Workaround:
No workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh73422 | Title: | ASR1k Crashes with MAP-T Configs |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ASR1k With MAP-T Configs crashes.
Conditions:
When Ping Initiated to public IPV4 Address, ASR1K crashes with Core dump, and the packet was translated but the packet causes an ICMP error message to be generated, and in some cases of ICMP error generation, the box could crash.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj72342 | Title: | FP crash while running ppp sessions with CGN enabled |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
FP crash occurs with PPP sessions
Conditions:
On applying nat settings to CGN mode
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.4(1)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui47819 | Title: | AOR doesn't work on all traffic monitor with application name |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Configure url tool ezpm and run traffic. Following fields have wrong values: connection to server netw delay sum, connection to client netw delay sum, connection client, server netw delay sum, connection application delay sum, connection application delay max,
connection client server resp delay sum, connection server packets counter, connection initiator octets, connection client packets counter
Conditions:
When url tool is configured alone.
Workaround:
Enable other ezpm tool additionally.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S, 15.4(3)M, 15.4(3)M1, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui13781 | Title: | FP crash with NAT +NBAR + APPNAV |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
FP may crash with HTTP and FTP traffic
Conditions:
Configured NAT , NBAR and appnav over gre tunnel and HTTP
Workaround:
none
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S, 15.4(3)M, 15.4(3)M1, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul27083 | Title: | ASR1K: Ucode crash seen while doing RP swo with 1000 ipv6_ipsec tunnels |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Ucode crash seen
Conditions:
Ucode crash seen while doing RP switchover with 1000 ipv6_ipsec tunnels and acls with traffic.
Workaround:
No workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun78318 | Title: | Access-list is not functional on management int after RP switchover |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ACLs applied to the mgmte do not work on the new active RP after a RP switch over.
Conditions:
After a RP switch over as the old standby RP becomes the new active RP.
Workaround:
Remove then reapply the ACLs to the mgmte on the new active RP.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S2 |
|
Known Fixed Releases: | 15.2(4)S5.15, 15.2(4)S6, 15.3(3)S2.10, 15.3(3)S3, 15.3(3)S4, 15.4(1)S2, 15.4(1)S3, 15.4(2)S0.3, 15.4(2)S1, 15.4(2)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul93292 | Title: | ucode crash with alg traffic |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Ucode crash with alg traffic when there are flow passing through
pysical interface with nat configuration
vasi interface with nat configuration in the same box
Conditions:
Ucode crash with alg traffic
Workaround:
disable all the algs
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun08855 | Title: | ASR crash with iosd punting packet to port-channel with ERSPAN |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ASR router crash with iosd punting packet to port-channel with ERSPAN configured on the router
Conditions:
port-channel and ERSPAN configured on the router
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo55508 | Title: | CPP crash encountered with packet tracing enabled |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A cpp-ucode crash is encountered.
Conditions:
Using packet-trace to trace packets in a feature environment where packets are replicated using egress conditions.
debug platform packet-trace enable
debug platform packet-trace packet 16 fia-trace
debug platform condition egress
debug platform condition start
Workaround:
Do not use fia-trace.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue30831 | Title: | ISR4450:Crash in some show commands for IOMD |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
"Process held down" message and reboot/reinitialization of a module will occur, possibly causing a short-term loss of traffic to the module.
Conditions:
When entering the
show plat software iomd conn statistic
command before the module is fully up.
Workaround:
Make sure the module is shown as 'up' in
'show plat'
before executing the command
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun13999 | Title: | After adding QoS w/ 'fair-queue' see PLIM driver informational error msg |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Under interface superscription condition we might see the following error message on router console:
%CMCC-3-PLIM_STATUS: SIP0: cmcc: A PLIM driver informational error TXMC0 - txmcBufferOverflow, block 1f count c8
Conditions:
When "fair-queue" is used in QoS policy-map, under interface subscription condition the flow-control between BQS and SPA might excommunicate, hence the error message is printed.
%CMCC-3-PLIM_STATUS: SIP0: cmcc: A PLIM driver informational error TXMC0 - txmcBufferOverflow, block 1f count c8
Workaround:
No workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj35345 | Title: | ISSU XE312<->XE311: FP crash@sbc_init_req_handler after FP upgrade |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
sbc_init_req_handler seen after FP Upgrade
Conditions:
After FP upgrade
Workaround:
No
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.4(1.5)S, 15.4(1.9.1)XEB, 15.4(2)S, 15.4(2)S1, 15.4(2)S2, 15.4(2)SN, 15.4(2)SN1, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun04952 | Title: | Shutdown tunnel causes AppNav-XE traffic loss |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | customer seen defect
Symptom:
Traffic which needs to be send between appnav-controllers will get lost.
Received inter-appnav-controller packets will get assigned to the shutdown tunnel interface.
As a result, no flows will be synchronized between this appnav-controller and appnav-controllers in the same appnav-controller-group. Asymmetrically routed packet will also fail due to lack of flow and unable to query flow from other appnav-controller.
Conditions:
Having a shutdown tunnel interface configured with tunnel source equals to the local appnav-controller IP and tunnel destination equals to the IP of another appnav-controller in the appnav-controller-group (i.e. another ASR router).
To detect this problem the following counter will go up for every dropped packet:
show platform hardware qfp active statistics drop | i Disabled
alternatively you can use a packet-trace feature on 3.10.2 and above to check for the dropped reply getting send to the shutdown tunnel interface.
Workaround:
Remove the shutdown tunnel from configuration or un-shutdown it.
Further Problem Description:
The received packet shares the same source and destination IP of an existing GRE tunnel before matching AppNav tunnel. And since the tunnel interface is disabled, the packet is dropped before reaching AppNav's handler.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S1, 15.3(3)S2, 15.4(1)S |
|
Known Fixed Releases: | 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui05425 | Title: | FP160: randomly FP not able to be brought up due to Octeon DRAM init |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
FP160 is not able to be brought up after router reload, randomly.
Conditions:
Using latest development branch image, occasionally will see FP160 fails to be brought up. On my current ASR1003 router with dual FP160 setup, if I try reload the box 10-20 times, there will be 2-5 times I will FP is stuck at init state.
Workaround:
No workaround. But since this is random event. Reload another time will have good change to bring up the FP160.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun24965 | Title: | XE3.7.5:FP100:Issue with model4 QoS shaping |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
On the ASR1000 series router hen configuring a QoS service policy using the service-fragment type, the shaping value is not correct.
Conditions:
A QoS Service Policy is applied using the service-fragment keyword, the shaped value is not correct.
Workaround:
one
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S3, 15.4(1)S2, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul81725 | Title: | FP crash during MLPoEoPTA |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
cpp_cp_svr on ESP crashes.
Conditions:
When configuring MLPoEoPTA, the control plane events generated to the data plane cause the data plane to crash if the events are generated in a certain order. This is highly dependent upon timing between the control plane and data plane.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun26943 | Title: | HA IPC not robust |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
In an INTRA-box redundancy configuration, the STANDBY FP and ACTIVE FP may not be syncing dplane HA records robustly.
The easiest way for the customer to recognize if this *might* be happening is by examining the output of the
show platform hardware qfp active system intra and the show platform hardware qfp standby system intra CLIs.
If the output shows the counters " rx dropped" and/or "retx" continuously incrementing, then this problem may have been encountered.
Conditions:
DUAL FP systems with stateful HA features such as NAT configured.
Workaround:
NONE
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj51538 | Title: | standby fp continuosly crashes on confg pap with NAT,NAT64 on same box |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Standby FP crashes
Conditions:
standby fp continuosly crashes on configuring pap with NAT,NAT64 on same box
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue27980 | Title: | ASR1k crash in CFT code while NBAR processes a packet |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom: A CPP crash triggered by NBAR may occur on Cisco ASR 1000 Series routers, Cisco 4000 Series ISR routers, and Cisco CSR 1000V routers.
Conditions: This symptom may occur under rare conditions of traffic mixture and rate when NBAR and NAT are both enabled.
Workaround: There is no workaround.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S, 15.3(3)S1 |
|
Known Fixed Releases: * | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)M, 15.4(3)M1, 15.4(3)M2, 15.4(3)M3, 15.4(3)M4, 15.4(3)S, 15.4(3)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui97685 | Title: | Firewall and PBR interworking regression issue after CSCuh98033 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
While testing "default_zone_basic_vrf_lite.tcl" script with latest mcp_dev "BLD-BLD_MCP_DEV_LATEST_20130821_003026" iam observing connectivity failure
Conditions:
Firewall and PBR interworking after CSCuh98033
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh24911 | Title: | asr1k MFR: MFR client should cleanup DLCI DB after DLCI disabled |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Unable to reuse a DLCI value for an MFR sub-interface.
Conditions:
This behaviour may be seen on ASR1000 routers using MFR with DLCI and FRF12 fragmentation. It may not be possible to reuse any of the formerly configured DLCI values if FRF12 was configured when they were changed to another value.
For example, given the following configuration under an MFR interface.
interface MFR11
...
frame-relay fragment 80 end-to-end
And the following configuration under an MFR sub-interface:
interface MFR11.1 point-to-point
...
frame-relay interface-dlci 16
The following change to the MFR sub-interface may render the previous value (16) unusable.
interface MFR11.1 point-to-point
...
frame-relay interface-dlci 32
Workaround:
It may be possible to avoid this behaviour by removing the FRF12 configuration from the MFR interface prior to changing the DLCIs of any of the sub-interfaces.
For example, on the MFR interface, remove the fragmentation configuration line:
interface MFR11
no frame-relay fragment 80 end-to-end
Then change any DLCI values, and re-configure fragmentation, as in the following example:
interface MFR11.1 point-to-point
frame-relay interface-dlci 32
interface MFR11
frame-relay fragment 80 end-to-end
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj42585 | Title: | GEC:QoS: cpp_cp_svr crash @pp_qm_event_get_parent_event when mem join |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
When a flat policy is applied to a MLPPP, MFR or GEC aggregation bundle, the current leaf schedule object is replaced with a new one. The code was not updating the cached object which resulted in accessing invalid memory when the bundle bandwidth is updated. The bandwidth is updated when a member link is added to or removed from the bundle.
Configuration example:
policy-map foo
class prec1
bandwidth percent 10
interface Port-channel1 aggregate
ip address 8.0.0.1 255.255.255.0
no negotiation auto
lacp min-bundle 2
service-policy output foo
Conditions:
When a bundle schedule is replaced, the cached object was not being updated leading to interface bandwidth update event to access invalid memory.
The problem is not easy to recreate as would require the QOS event for processing the flat policy to be interleaved with an interface bandwidth update event.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj56505 | Title: | SCCP phone registration on CCM not happening via ASR1k |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
SCCM phone registration on CCM via ASR1k is not happening
Conditions:
ASR1k is configured with NAT configuration
Workaround:
no workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug53310 | Title: | Traffic drops in "ZBF register failed" |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ICMP v6 traffic is observed to drop
Conditions:
ICMP v6 traffic is observed to drop with cxsc configured under the zbfw policy-map. Drops are observed the zone is applied on a DMVPN tunnel.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S |
|
Known Fixed Releases: | 15.2(4)S4, 15.2(4)S4a, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun83231 | Title: | ISSU XE310->XE311:ELC is not coming up after CC/SPA upgrade |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:After sub package ISSU operation is performed, ELC does not come up and following error messages are seen.
*Mar 19 23:10:10.607 PDT: %PMAN-0-PROCFAILCRIT: SIP1: pvp.sh: A critical process mcpcc_lc_ms has failed (rc 127)
*Mar 19 23:10:10.865 PDT: %PMAN-5-EXITACTION: SIP1: pvp.sh: Process manager is exiting: critical process fault, mcpcc_lc_ms, cc_1_0, rc=127
Conditions:Issue is specific to ELC.
Issue is specific to sub package upgrade.
Issue is seen across all releases that support ELC.
ELC means ASR1000 Ethernet Line Cards - These are: ASR1000-2T+20X1GE and ASR1000-6TGE line cards.
Workaround:Consolidated upgrade can be performed.
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum73445 | Title: | ASR1K: cpp_cp_svr crash @ cpp_bqs_rm_update_rate_profile |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
cpp_cp_svr crash.
Conditions:
Problem has been intermittently seen when tearing down bundle type interfaces such as MLPPP and MLFR.
Workaround:
None
Further Problem Description:
This is a timing sensitive issue and is not seen consistently when these bundle type interfaces are being torn down.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh76624 | Title: | Pending objects with large scale configurations |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
The "show platform software object-manager f0 statistics" command shows pending-objects that do not clear after making configuration changes (or potentially on system boot).
Conditions:
Can occur on the CSR1000V or ISR4400X platforms with large scale configurations.
Workaround:
No workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S, 15.4(1)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun37698 | Title: | ESP crashes with NAT and WCCP configured |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
An ESP might crash
Conditions:
The device has NAT and WCCP configured. It looks like WCCP fails to setup the output interface correctly. This leads to NAT accessing a bad location in memory which causes a crash. The exact conditions are still being looked at.
Workaround:
None Known.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui41298 | Title: | For IP UDP tunnel, udp header udp_len is zero for vxlan multcase traffic |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | this issue potentially exist in xe3.10 the frist build. just not exposed in pmip udp case.
Symptom:
udp tunnel header udp_len is definitely 0, not correctly fixedup
Conditions:
the tunnel intf is changed from un-udp tunnel to udp tunnel mode.
(1) vxlan case, the nve will auto create a udp tunnel. the tunnel interface also have the processing with tunnel mode updation, so cause the tun_mode is wrong saved in the uidb subblock
(2) pmip udp tunnel case, the tunnel is created with udp mode, not changed from other tunnel mode. so the tunnel mode saved in the uidb subblock is correct. this is the reason why pmip udp case not expose this issue.
Workaround:
none
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun85761 | Title: | L2 frame check failure when payload length increase with ldap alg |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
L2 frame check failure when payload length increase with ldap alg
Conditions:
Steps:
======
translate sipAddress into longer address length
Workaround:
n/a
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum40363 | Title: | H323v6 ALG NAT+FW: End-points not receiving audio packets |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
while making h323 call ,audio packets which are passing via ASR router not receiving at the endpoints.
Conditions:
ASR router is configured with NAT+Firewall
Workaround:
no workaround
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh80368 | Title: | erspan performance downgrade in FP160 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
erspan performance downgrade in FP160
Conditions:
erspan under FP160
Workaround:
none
Further Problem Description:
enable erspan , then send 64 bytes traffic, the issue happened
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul43587 | Title: | ucode crash@on removing cgn mode |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ucode crash
Conditions:
on removing at cgn mode
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum04528 | Title: | ASR1002-X crash at ipv4_nat_destroy_door |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: A Cisco ASR 1002-X router might crash and reload writing a core file in the process.
Conditions: This symptom occurs with a Cisco ASR1002-X router running NAT with ALG traffic.
Workaround: There is no workaround.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S1 |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun67171 | Title: | NAT: QFP crash max entry is changed |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
QFP crash
Conditions:
max entry is less than nat translation number
Workaround:
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun49087 | Title: | ASR1002x crash post %CPP_FM-3-CPP_FM_FIPS_BYPASS_TEST fail |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: A Cisco ASR 1002x router crashes.
Conditions: This symptom occurs during duty cycle testing with a lot of negative events in the DMVPN setup.
Workaround: There is no workaround.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S1 |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun48994 | Title: | ESP100 crash while running traffic with 8K mlp bundles |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
The CP process crashes while collapsing a hierarchy layer node that had once exceeded 4000 entries. The collapse occurs when the number entries falls below 4000.
Conditions:
This problem occurs while collapsing a node that had once exceeded 400 entries. The problem is specific to MLPPP, MFR and GEC aggregate because these features require notification when a schedule ID changes. The schedule ID changes when a scheduling node is reconstructed. The issue hit when the operation involves both the flushing and SID notification.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun04417 | Title: | XE310, GTP: GTPU performance in 1 firewall session is downgraded. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
GTP U packet forwarding capability is downgraded.
Conditions:
1 firewall session
Workaround:
No.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S, 15.3(3)S7 |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui95380 | Title: | isis pkt failure in v6GRE tunnel when MTU is higher than default value |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
sis neigh can not be setup and stuck at "init" status
Conditions:
when configured the MTU bigger than default value
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux42411 | Title: | ASR1001-X Frame Relay with Fortitude NIM fails due to LMI packet padding |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Serial interfaces with Frame Relay or HDLC encapsulation remain down. Frame Relay LMI timeouts.
Conditions:
NIM-1CE1T1-PRI or NIM-2MFT-T1/E1 in ASR1001-X chassis.
Workaround:
None.
Further Problem Description:
Customers can use SPA-8XCHT1/E1-V2 as an alternative on ASR1001-X.
|
|
Last Modified: | 12-DEC-2015 |
|
Known Affected Releases: | 15.4(3)SS |
|
Known Fixed Releases: * | 16.2(0.213) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCto89613 | Title: | fman fp crash observed @ cpp_mem_handle_2_ppe_mem |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ESP crash observed. When Peer PE router is reloaded
Conditions:
3K Xconnects scaled condition
Workaround:
None
|
|
Last Modified: | 13-DEC-2015 |
|
Known Affected Releases: | 15.1(3)S, 15.1(3)S3 |
|
Known Fixed Releases: | 15.1(3)S5, 15.2(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux44780 | Title: | ASR1K/ISR4K crashes after removing tunnel interface |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Removing a DMVPN tunnel interface with shared tunnel protection from the configuration using the 'no interface tunnel X' command, can cause an ASR1K (or ISR4K) platform to crash
Conditions:
Two or more DMVPN tunnels (using shared tunnel protection) are configured between the same two devices, sourced from the same interface and are separated by having one of the tunnels in an I-VRF (inside vrf)
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 14-DEC-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCua79516 | Title: | SYN packets for ftp-data sessions are sporadically dropped |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms: SYN packets to establish ftp-data connections are sporadically
dropped at the Cisco ASR router.
Conditions: This symptom is observed under the following conditions:
- Using the active mode FTP.
- Using PAT.
- The symptom is observed on ASR1K.
Workaround 1: Use the passive mode FTP.
Workaround 2: Use the static NAT/dynamic NAT configuration.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 15.2(2)S, 15.2(2)S1 |
|
Known Fixed Releases: | 15.2(2)S2, 15.2(4)S1, 15.3(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut79286 | Title: | ASR1K QoS feature doesn't work fine with RP2/Rls3.x |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
For functionality
The queuing/scheduling is fail to function.
When the issue is observed, see dropped the high priority packets.
The remark is function normally.
For Counter of show commands
The physical I/F of output counter is fail to function.
The sub I/F of output counter is fail to function to class-default only.
Conditions:
Workaround:
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: * | 15.5(1)S2.14, 15.5(1)S2.15, 15.5(1)S3, 15.5(2)S1.7, 15.5(2)S2, 15.5(3)S0.8, 15.5(3)S1, 15.5(3)S1a, 15.6(0.16)S, 15.6(1.4)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut77070 | Title: | SPA-1xCHOC12/DS0 not supporting Framed E1 connections. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Framed E1 on SPA-1xCHOC12/DS0 is not coming up. The device is sending AIS to the remote node.
Conditions:
The issue is with Framed E1's. When we configure unframed E1, the link is coming up.
Workaround:
No workaround
Further Problem Description:
NA
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: * | 15.3(3)S6.6, 15.4(3)S3.3, 15.4(3)S4, 15.5(1)S2.15, 15.5(1)S2.2, 15.5(1)S3, 15.5(2)S0.8, 15.5(2)S1, 15.5(2)SN, 15.5(2.21)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCur24793 | Title: | l2protocol forward not work for STP, LLDP, PPTPv2 and E-LMI in EVC |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
STP, LLDP, PPTPv2 and E-LMI keep being punted/forward regardless of the l2protocol forward CLI
Conditions:
Config l2protocol forward stp elmi lldp under EVC
Workaround:
N/A
Further Problem Description:
N/A
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.3(3)S5.11, 15.3(3)S6, 15.4(3)S3.3, 15.4(3)S4, 15.5(1)S2.15, 15.5(1)S2.7, 15.5(1)S3, 15.5(1.18)S0.9, 15.5(2)S, 15.5(2)SN |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq43261 | Title: | ASR1000: NAT Crashes when scaling concurrent SIP NAT sessions beyond 900 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
ASR 1000 running NAT might experience a ucode crash when SIP calls are going through the
box and getting NATted.
Conditions:
When SIP calls are NATTed on the ASR1000, the box could crash mostly
at a high volume of calls.
Workaround:
There is no workaround known at this time.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy23039 | Title: | cpp crashed on sending malformed packets at "rbuf_ooh_handler" |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
FP reset seen while sending the malformed packets using ISIC tool.
The bug is mainly coming when you've NAT configured on ASR.
Conditions:
The FP reset will happen only when ASR is configured with NAT and lot's of Malformed packets are getting natted.
Workaround:
Inspect the malformed packet before they hit the NAT on ASR.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu52265 | Title: | ISG ASR L4Redirect: L4 redirct feature broken in ISG DM4 test |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
In ISG IP session aggregator with VRF transfer test ( ISG Deployment Model 4), L4 redirect didn't not happen with access external website from client PC.
Conditions:
Using Client Real PC to do L4 Redirect trasnsfer with VRF to broadhop SME portal
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNB1, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso24702 | Title: | cpp crash at cpp_fia_free testing NAT and NBAR |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
A crash of the ESP may occur when NBAR or NAT configuration is removed.
Conditions:
Service policies are applied to the interfaces.
Workaround:
Avoid unconfigure of NAT/NBAR when using QoS.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2S, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso91092 | Title: | MCP: TCP sessions are not closed after Idle timer expires |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
TCP sessions are not closed after Idle timer expires
Conditions:
This symptom is observed on a Cisco ASR1000 router while sending the telnet traffic with one or two times
Workaround:
Make sure that idle timer is not equal to syn or fin idle time.
(i.e. syn idle time and fin idle time default to 30 seconds. Set the tcp idle time to 29 or 31 seconds.)
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy15577 | Title: | Stuck threads on cpp reuse sw_lock |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
SWASSIST interrupt indicating stuck threads
Conditions:
Race conditions that may happen during normal operation with no specific
catalyst.
Workaround:
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb12223 | Title: | ASRNAT: forced removal of pool currently broken for dynamic configurat |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
ASRNAT: forced removal of pool currently broken for dynamic configuration
Conditions:
ASRNAT: forced removal of pool currently broken for dynamic configuration
Workaround:
Use 'clear ip nat trans' and then remove pool (unforced) OR
Do a forced removal of the mapping and them remove the pool (unforced)
Further Problem Description:
Currently targeting 2.4.1 for fix
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut06783 | Title: | Fortitude NIM does not come up on ASR1001x |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
NIM not coming up on XE315 boot up
Conditions:
While booting the Nightster router with XE315 image, NIM not coming up.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.5(2)S, 15.5(3)S |
|
Known Fixed Releases: * | 15.5(2)S, 16.1.1, Denali-16.1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsw90645 | Title: | QOS misclassification of NBAR protocols |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
Class map statistics show wrong results for NBAR classification.
Conditions:
This issue happens only when NBAR classification is enabled via MQC CLI (e.g. match protocol bgp, etc) . This issue is not seen when NBAR is enabled via protocol discovery on an interface (via ip nbar protocol-discovery CLI). This bug is fixed in 2.3. This bug has no impact on previous releases.
Workaround:
None.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNA, 12.2(33.1.19)REM |
|
Known Fixed Releases: | 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb63894 | Title: | VRF AWARE ALG H323 Crash during Scale Test |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ESP Crash is observed while doing VRF AWARE H323 ALG Scale test
Conditions:
Scale level of 900 Concurrent H323 Calls
Workaround:
No workaround
Further Problem Description:
Scenario VRF to GLobal , Dynamic NAT with Firewall ALG configuration is used
Hardware used ASR 1006 ESP 10 ,RP1
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy68955 | Title: | multicast packets are not treated as high priority with service-policy |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
When ASR has an interface which has input service-policy, and multicast
packets with DSCP EF are received by that interface, ASR incorrectly treats
them as Low priority packets.
Conditions:
This happens only when input service-policy is applied on ingress
interface.
Workaround:
No work around.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: * | 12.2(33)XNC0a, 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu04554 | Title: | IPHC: Cisco format not supporting Context-State pkt |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
The Cisco ASR1000 Series Router may experience an unexpected reload when IPHC is configured in IPHC is configured in "original/Cisco" format
Conditions:
IPHC is configured in the "IPHC is configured in "original/Cisco" format.
Workaround:
None
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNA2, 12.2(33)XNB1, 12.2(33)XNC, 3.9.0.6i.BASE, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx39647 | Title: | Static NAT with Port Translation failed with ALG |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
With static configurations for ALGs, applications might not work correctly behind a device that performs Network Address Translation.
Conditions:
If there are customer configurations like ip nat inside source static or outside source static and the intention is to match the static translation for the ALG embedded address and ports, then the match will not happen correctly.
Workaround:
Workaround is to use PAT/Dynamic pool configuration for the ALG address and ports.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux11291 | Title: | OTV adjacency does not come-up with VRF |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
OTV adjacency does not come-up with VRF
Conditions:
join-interface and lan interfaces configured in vrf
Workaround:
No Workaround
Further Problem Description:
NA
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: * | 15.4(3)S4.5, 15.5(1)S2.25, 15.5(1)S3, 15.5(2)S2.1, 15.5(3)S1.1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut41815 | Title: | Unable linkup on opposing unit of ASR1k built in port after "no shut" |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Opposing unit's ports sometimes is not link-up after entering "shut" "no shut" on ASR1001X built in ports.
Conditions:
ASR1001X running with 3.13.2S or 3.14.1S.
Workaround:
Sometimes the issue is improved by input "shut" "no shut" again on ASR1001X built in ports
This issue is always improved by ASR1001X reload.
Further Problem Description:
none
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.4(3)S, 15.5(1)S |
|
Known Fixed Releases: * | 15.4(3)S2.15, 15.4(3)S3, 15.5(1)S2.14, 15.5(1)S2.15, 15.5(1)S3, 15.5(2)S0.6, 15.5(2)S1, 15.5(2)SN, 15.5(2.21)S0.12, 15.5(2.21)S0.6 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy09503 | Title: | CPP crashed on sending malformed packet using ISIC. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
Fp reset seen when sending malformed packets with NAT enabled.
Specially the bug was coming while doing FP switchover.
Conditions:
FP switchover with malformed packet sent from ISIC tool.
Workaround:
Now the bug is fixed but the workaround is inspect the malformed packet so that they wont' hit an ASR configured with NAT.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb63555 | Title: | FRR on ASR stitch point causes OCE counter stack exceed |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
OCE counter stack exceeds and the following message is seen continuously
"CE_FORWARDING-3-CAUSE_OCE_COUNTER_EXCEED_STACK:OCE counter stack exceed -Traceback:"
Conditions:
FRR switchover with ATOM configuration
Workaround:
None
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu03930 | Title: | RPcrash while booting with 3.13.2IOSXE after SPA-4XCT3/DS0-V2 insertion |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
RPcrash and core dump.
Conditions:
Post SPA-4XCT3/DS0-V2 insertion with 3.13.2IOSXE image.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S3.2, 15.4(3)S4, 15.5(1)S2.14, 15.5(1)S2.15, 15.5(1)S3, 15.5(2)S0.9, 15.5(2)S1, 15.5(2)SN, 15.5(2.21)S0.12, 15.5(2.21)S0.5 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz57480 | Title: | VRF NAT: %FMFP-3-OBJ_DWNLD_TO_CPP_FAILED: F1: fman_fp_image: ADDR-RANGE |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
ASR reload may occur in rare timing cases.
Conditions:
ASR reload may occur in rare timing cases when PAT is configured.
Workaround:
There is no workaround.
Further Problem Description:
Fix should be available with 2.4.1 and later releases.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb87468 | Title: | Qfp-Nbar: Cpp Ucode crash @ stile_release_link |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
CPP Ucode crash encountered with features like FPM, IPSec, NAT, ALG configured on the box
Conditions:
When traffic consisting of P2P protocols, HTTP, FIX, CITRIX, FTP, RTP is kept running for overnight with the box configured for all the features mentioned above, the CPP UCODE crash can be seen
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE, 15.4(3)M, 15.4(3)M1, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu91513 | Title: | QFP crashes with core when nbr router goes down with ALG |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ASR1000 series router has a software crash in its QFP. The traceback shows a generated ICMP packet causes an abort.
Conditions:
Application Layer Gateway (ALG) features run in the QFP and the manipulated packets becomes segmented. Such packets trigger route unreachable ICMP packet generated due to route going down.
Workaround:
No.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN1 |
|
Known Fixed Releases: | 12.2(33)XNB2, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq20024 | Title: | NBAR with unknown protocol shoots PPE usage to 99% |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
When NBAR is configured, with traffic running through interface with NBAR configuration. QFP utilization is at 99%.
Conditions:
This happens when there are a bunch of traffic with protocols not recognized by NBAR.
Workaround:
No workaround.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2SR, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso63066 | Title: | move interface_id out of NAT_KEY1; this is broken with fragmented pkts |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
On the ASR1000 FP when NAT is configured with a routemap with match interface, fragmented packets may falsely match.
Conditions:
Workaround:
None, a fix is provide in Release 1.1.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN, all |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq34647 | Title: | MCP: alg_fw_common_inspection_handler () at logger.h:133 seen with alert |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Core file was genarated in HDD
B>Conditions:
This occurs only on the ASR1000 wihile running the feature audit and alert features.
Workaround:
No work around
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd17398 | Title: | ASR1k as BSR RP on NAT outside interface reports natted RP to outside |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom: when the pim bsr-router is on a NAT outside interface the RP gets natted correctly for the inside interfaces, but also gets incorrectly natted for the outside interfaces.
Conditions: This only occurs when BSR is configured on an outside interface.
Workaround: a possible workaround may be to configure this 2nd inside transltion, however this may cause unintended consequences like OSPF neighbor failures.
ip nat outside source static [Outside global IP address] [Outside local IP address] <- translation
ip nat inside source static [Outside local IP address] [Outside global IP address] <- workaround
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNF |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu79433 | Title: | ASR1000-NAT crash under very high session rate (dynamic NAT) |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
ASR1000 experience a ucode crash.
Conditions:
Problem is a corner cases which is very unlikely to occur, but happens with TCP traffic which is timing out and having sessions created frequently.
Workaround:
None. Problem fixed in 2.2.2.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNB1, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz72973 | Title: | CPP crashed with chunk_malloc for h323 ALG. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
ESP might reload with malformed H.323 packets running through the system and in the same time ESP failover is performed.
Conditions:
The malformed H.323 packets should be coming with a high rate and doing a ESP switchover in the same time.
Workaround:
There is no workaround for this as of now, but this problem is not happening everytime.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb89767 | Title: | IPSECv6:Delete/reconfig of IPsec config cannot be done while using FP20 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:Problem happens on an FP20.On configuring the ipsec part of the svti topology the delete and reconfig of IPsec does not happen
Conditions: In a FP20 svti ipsec setup with 1 tunnel
Workaround: Reload the router.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XND3, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso99425 | Title: | ucode crash with FW/SIP traffic on 4RU when neighbor goes down |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: |
Symptom:
FP reload
Conditions:
When too many(>254) subchannel are created under the same SIP control channel.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsw72162 | Title: | BGP sessions flapping due to PMTU discovery failure on CPP |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
BGP sessions flap on the ASR1000 series platform
Conditions:
This issue can be seen when the links between the Peer are load balanced and have different MTU values. This results in the need to fragment BGP protocol packets,which can cause drops of these packets under certain scenarios.
Workaround:
By default Path MTU discovery is enabled for BGP. Disable this PMTU discovery with following command; " neighbor X.X.X.X transport path-mtu-discovery disable" to avoid this issue.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNA |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy30685 | Title: | mVPN related code changers |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
mcast feature won't work when VRF configured.
Conditions:
When mVPN is configured, mcast is expected to work on not just on global table,
but, also VRFs.
Workaround:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2(33)XN, 12.2(33)XNC, 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq43921 | Title: | Ucode crashes in reassembly code with GRE frag |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
QFP microcode of ASR1000 series router may crash while doing reassembly on fragmented packets.
Conditions:
Fragmentation is based on GRE tunnel outer header and reassembly is performed on the tunnel end point under stress and packet dropping.
Workaround:
Configure IP MTU of the tunnel interface to be smaller than the physical interface's MTU, so that fragmentation occurs only on inner IP packet.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx06012 | Title: | ucode crash @ stile_input () with ISIC negative test |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
Router crashes when malicious IP packet is seen and NBAR is enabled on the interface receiving the traffic.
Conditions:
Applies to malicious IP packets with zero L4 payload (TCP or UDP) and a fake IP layer 3 header with length field that suggests a non zero L4 payload. This bug is fixed in release 2.3. It affects releases 2.2 and prior
Workaround:
Disable NBAR on the interface
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu21589 | Title: | ucode crash when mapping configured with no pool configured |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
On the ASR1000 Series Router, with NAT configured, when a IP NAT inside mapping is configured and no pool is configured yet, and the traffic is flowing through the box that matches the mapping, an unepected reload of the Embedded Systems Router may occur.
Conditions:
NAT inside mapping is configured with an ACL and no NAT pool is configured.
Workaround:
Configure the IP NAT pool configured before configuring the NAT inside mapping.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNB1, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsv14986 | Title: | ISG ASR DM4 Scale:CPP reload with L4Redirect VRF weblogon/staticIP,noQoS |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
MCP CPP reloads under IP session as aggregator with Static IP without MQC, sending
traffic with Spirent Avalanche 40 CPS.
Conditions:
L4Redirect with VRF weblogon, 40 CPS with Spirent avalanche traffic tool
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNB3, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsr74264 | Title: | Fix fragmentation related issues |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
IP packets larger then 1500 not passing through IPSec tunnel.
Conditions:
Observed on ASR1000 Series Routers with IPSec tunnels.
Workaround:
There are no workarounds.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN, all |
|
Known Fixed Releases: | 12.2(33)XNA2, 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz77684 | Title: | Fman FP/CPP crash observed when FW sessions are cleared |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
FP reloads when fw sessions are cleared using "clear zone-pair inspect sessions" in the scaling scenarios
Conditions:
SIP ALG request too many levels of sub-channels.
When a SIP control channel receives an Invite message, it creates a sub channel.
Only the root control channel is allowed to recieve Invites, but the SIP ALG does not enforce this.
This is actually an attack on SIP. Subchannels are not allowed to accept Invites.
FIrewall now prevents extranious levels of subchannels from being created.
Workaround:
This problem is only associated with SIP sessions. Before clearing firewall sessions (explicit clear, delete zone pair, etc.) Set up ACLs on interfaces where the SIP flows traverse. The ACL should deny SIP control packets (port 5060). The sessions will timeout in idle time configured by the firewall parameter maps.
Further Problem Description:
Firewall sessions are kept in a hierarchy. The numbers of levels in this hierarchy are limited.
SIP violated this by requesting a hierarchy of sessions hundreds of levels deep. Firewall was not protecting itself from this condition.
When the sessions are cleared, FW recursively walks the hierarchy of a given session to tear down all the children and sibling sessions. Because there were hundreds of levels, firewall exhausted the stack.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd67034 | Title: | Various %CPPHA-3-FAULT errors with FRF.12 or MLP fragment reassembly |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
ASR1K "%CPPHA-3-FAULT: F0: cpp_ha: CPP:0 desc:..." and accompanying crash dump
of the CPP QFP complex.
The various errors which have been seen in association with this problem include:
"%CPPHA-3-FAULT: F0: cpp_ha: CPP:0 desc:..."
where desc: could be any of the following errors:
Desc: ETC_ETC_LOGIC1_LEAF_INT_INT_ETC_LKUP_DATA_ERR
Desc: ETC_ETC_LOGIC2_LEAF_INT_INT_GPM_ENQ_VTL_DROP_ERR
Desc: GAL_GAL_CSR_IPM_IF_GAL_IPM_IF_LEAF_INT_INT_IPM_ERR
Desc: GRW_GPM_GRW_CSR_RDWR_UNIT_0_GPM_RW_LEAF_INT_INT_REQUEST_ERROR
Desc: GRW_GPM_GRW_CSR_RDWR_UNIT_1_GPM_RW_LEAF_INT_INT_REQUEST_ERROR
Desc: GRW_GPM_GRW_CSR_RDWR_UNIT_2_GPM_RW_LEAF_INT_INT_REQUEST_ERROR
Desc: GRW_GPM_GRW_CSR_REQ_TOP_GPM_REQ_LEAF_INT_INT_MAP_ICREQ0_NO_CONTEXT
Desc: OPM_OPM_INT_REGS_OPM_META_LEAF_INT_INT_UNDEF_DESC
Desc: PQS_PQS_LOGIC1_INTR_LEAF_INT_INT_OUT_OF_RANGE_Q_ERR
Desc: SRT_SRT_PAR_ERR_LEAF_INT_INT_STEM_0
Conditions:
A corner case issue was discovered where the FRF.12 (Frame Relay Fragmentation)
and MLP (Multilink PPP) features were susceptible to various hardware detected error
conditions when performing fragment reassembly for cases where the last fragment
was a few bytes in length (approx. 4-8 bytes of payload after the protocol headers).
This condition has only been seen with high traffic rates in conjunction with the small
end fragment condition.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XND3, 12.2(33)XNE1, 12.2(33)XNF |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq77151 | Title: | ALG-H323: INFO-Sanity code: H323_SANITY_NOK |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: |
Symptom:
H.323 calls will be dropped by ALG when H.225 packets contain TCP options
Conditions:.
In general H.323 packets,specifically H.225 packets do not contain TCP options.
If H.225 packets contain TCP options, then these packets are dropped. This issue is observed when test equipment is used to generate H.323 calls with TCP options. But the same issue is not seen with physical phones
Workaround:
Generate H.323 calls without TCP options
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2S, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta03362 | Title: | NBAR : FP crashes while configuring the class-map with multiple protocol |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
FR crashes while configuring class-map with nbar
Conditions:
The above symptom is observered in ASR1000 while configuring with multiple match protocol statement
Workaround:
No Work around
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCte84990 | Title: | ipsec svti to mpls: down stream traffic from mpls core not label switch |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
ipsec svti to mpls: down stream traffic from mpls core not label switch. It might be just counter broken because there is no traffic drop
Conditions:
sh mpls forwarding-table Bytes Label Switched counter display 0
Workaround:
none
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: | 12.2(33)XND4, 12.2(33)XNE2, 12.2(33)XNF1, 15.0(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb31378 | Title: | asr1k:multicast:ucode crash on increasing ipv6 mcast group from 1 to 100 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
Affter reconfiguring MPLS, forwarding plane unable to forward ipv6 multicast packets.
Conditions:
MPLS reconfiguration while ipv6 multicast traffics increase from 1 to 100 group.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq61649 | Title: | ALG:NAT with Route-Map:H323 in-to-out failed |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
NAT with Route-Map:H323 in-to-out fails
Conditions:
When NAT is configured with route-map or ACL, h323 in-to-out calls might fail
Workaround:
There is no workaround
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq64636 | Title: | sh ip nat trans missing a session entry when translations 32 or greater |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
On the ASR1000 FP when sh ip nat trans is issued when 32 or more translation exist, not all the sessions will be displayed and counted.
Conditions:
This problem occurs when sh ip nat trans is issued when 32 or more translation exist.
Workaround:
show platform hardware cpp act feature nat datapath sess-dump, but this debug command does not have very nice formatting.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso48780 | Title: | CPP-FW+NAT:when TCP session idle timeout, FW used incorrect add for RST |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
When a session timesout due to Firewall idle time timed out, ASR1000 firewall may send out TCP reset packet with un-translated IP destination address when a out NAT is also configured. This could result in TCP reset packets not reaching the proper TCP end users and TCP on end users will not be terminated. Any subsequent TCP packet sent from end users after the configured Firewall idle time-out window will be dropped by ASR1000.
Conditions:
When a session timesout due to Firewall idle time timed out, ASR1000 firewall may send out TCP reset packet with un-translated IP destination address when a out NAT is also configured. This issue doesn't exist when out NAT is not configured.
Workaround:
configure ASR1000 Firewall idle time out value to be bigger than TCP idle time out value on end users
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2XN, all |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq07760 | Title: | FW drops more than 500ms of traffic on FP switchover |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom: when SSO, the traffic over fwall session can not be recovered within 50ms
Conditions:regular FP switch over with fwall sessions created
Workaround: N/A
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq84722 | Title: | ucode crash in 4RU with IP frag/reassembly |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
QFP may go down and reload if IP re-assmebly is going on at ten gig rate.
Conditions:
If reassembly is reauired of fragments of IP packet encapsulated in GRE, then this condition might be encountered.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN1 |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu97977 | Title: | Pfrv2 load-balance not working with passive mode. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Traffic is not load-balancing in Outbound /Inbound direction while running PFRv2 with Internet Edge Solution.
Conditions:
while running PFRv2 with Internet Edge Solution and load-balance with passive mode.
Workaround:
Further Problem Description:
Customer is running Pfrv2 Internet Edge solution to load-balance Outbound and Inbound Traffic.
Seems like the new link-group algorithms not work well for load-balance with passive mode.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.4(3)S2.2 |
|
Known Fixed Releases: * | 15.4(3)M3.2, 15.4(3)M4, 15.4(3)S3.10, 15.4(3)S4, 15.5(1)S2.12, 15.5(1)S2.15, 15.5(1)S3, 15.5(2)S1.7, 15.5(2)S2, 15.5(2)T2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz35479 | Title: | QOS:FP reset with hardware interrupt @ipv4_output_drop_policy_dbg |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:-
On a Cisco ASR1k series, an FP reset is observed when a soft OIR or shut/no shut is made on the ATM interface which has QOS configured.
Conditions:-
This happens when traffic is passing throught the ATM interfaces at the time of the shut/no shut sequence (or soft OIR) is performed.
Workaround:-
None
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx61701 | Title: | ucode crash on RP switch with config that has HSL enabled for ZBFW/NAT |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
A reload may occur after NAT high speed logger has been unconfigured and later reconfigured.
Conditions:
After NAT high speed logger has been unconfigured and later reconfigured.
Workaround:
If you unconfigured NAT's high speed logging (v9), reset the box to prevent risk of future problems.
Fix expected in 2.3.1.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc62212 | Title: | ASR NF/ IPSEC: GETVPN crypto freezes after applying netflow aggregation |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
None
Symptom:
If ingress Netflow is applied to the same interface to which a crypto map
has been applied and 2 or more Netflow aggregation caches are configured
and enabled, then incoming traffic to the interface will be dropped.
Under interface config this would require
ip flow ingress
crypto map my-crypto-map
Under global config this would require something similar to
ip flow-aggregation cache destination-prefix
enabled
!
ip flow-aggregation cache protocol-port-tos
enabled
!
Conditions:
This issue is not confined to any particular software release. For this
to occur there has to be a crypto map applied to an interface as well as
ingress netflow as well as 2 or more aggregation caches both configured
and enabled.
Workaround:
The most reasonable workaround is to configure fewer than 2 aggregation caches
and to use the Netflow collector to perform the necesssary aggregation.
Configuring egress Netflow is not a very attractive workaround. While egress
Netflow does not show the behavior described here - it does not support
aggregation caches.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND1 |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy53831 | Title: | Ingress packets should not have flag to check for fragmentation |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
Pinging with packets sizes of 1400 bytes and above does not go through the tunnel
Conditions:
When packet sizes of 1400 bytes and above are used.
Workaround:
None.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso90965 | Title: | MCP:cpp ucode crash while copying serial intf config to mcp |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
Fragmented packets destined for a Cisco ASR 1000 Series Router for which some fragments are lost in the network may under some circumstances lead to an unexpected reload of the Embedded Services Processor (ESP).
Workaround:
There are no workarounds.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2SRE, 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNA, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsu89822 | Title: | ASR1000:VFR+NAT:ucode crash at ipv4_vfr_refrag with skinny traffic |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
ASR 1000 ucode may crash when there is SCCP (Skinny) traffic flowing through the box
and NAT is configured to translate the SCCP packets.
Conditions:
The crash is seen only when there is SCCP traffic flowing through the NAT
box and NAT is configured to translate the SCCP traffic.
Workaround:
The workaround is to disable SCCP NAT translation on the box
by configuring
no ip nat service skinny tcp port 2000
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNA, 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNB2, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso91607 | Title: | ucode crash due to CPP block interrupt after RP SO |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | -- Release-note --
Symptoms: System may be out of service.
Conditions: This symptom is observed on an ASR1000 when the system functions
as a L2TP Network Server (LNS) and when a Route Processor (RP) switch-over
was performed.
Workaround: This is no workaround.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx27977 | Title: | BGP routes are not advertised or learnt after router reload / SSO |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
In an IPSEC network, BGP routes may not be advertised through GRE tunnels..
Conditions:
This may happen after a RP switchover or when both IPSEC peers are brought up about the same time.
Workaround:
The workaround is to enable "crypto ipsec frag after-encryption" in the configuration.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2(33)XN, 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx96929 | Title: | NAT:- FP reset observed with hardare interrupt along with traffic |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:-
A Cisco Series ASR1k routers its FP reset is observed when an command "ip nat outside" is configured on the interface.
Conditions:-
This condition is observed when UDP packet length is bogus and the port is 1719.
Workaround:-
N/A
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNB |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta42509 | Title: | FP reset with hardware interupt @ETC_ETC_LOGIC1_LEAF_INT_INT_ETC_LKUP_DA |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:- A FP reset is observed on a Cisco ASR1k series router,when a QOS is configured/unconfigured.
Conditions:-
A ucode crash is observed with hardware interrupt pointing @ETC_ETC_LOGIC1_LEAF_INT_INT_ETC_LKUP_DATA_ERR when QOS is configured/unconfigured along with traffic.
Workaround:-
N/A
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc41030 | Title: | ZBFW: CPP crashed @ fw_log_stop_fmt_msg with "log dropped packet on" |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * |
Symptom:
System crashes when HSL logging is enabled
Conditions:
When inmprecise channels is dupliated, we attempt to delete the old before adding the new. The problem occurs when attempting to create a stop audit hsl record. The imprecise channel is not fully filled out and when accessing fields the hsl logic crashes. These types of sessions should not create a stop record to start with (they haven't yet created a start record)
Workaround:
Disable High speed logging or don't use logging on SIP or H323 protocols.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCte56627 | Title: | Outside NAT sessions not getting synced between active & standby |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
1) sessions may not be sync properly to standby
OR
2) session deletes may not be sync properly to standby (session that would be deleted on standby, will not be deleted)
Conditions:
Condition 1) may occur on ASRNAT when there is an inside mapping and outside static mapping configuration.
Condition 2) may occur when there is a very high burst of session aging occurs.
Workaround:
None.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2XN, 15.0(1)S |
|
Known Fixed Releases: | 12.2(33)XND4, 12.2(33)XNE2, 12.2(33)XNF1, 15.0(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw24373 | Title: | Called-station-id and NAS-ID via account profile satus query |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
sending extra attributes "called-station-id" and "NAS-ID" in accout-status-query for Webauth unauthenticated sessions
Conditions:
NA
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 18-DEC-2015 |
|
Known Affected Releases: * | 15.4(3)S, 15.6(1)S |
|
Known Fixed Releases: * | 15.6(1.12)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo36917 | Title: | XE3.12 DPSS : CFT returns out of memory error under load |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
When handling greater than 50000 concurrent flows, the following error is seen by dpss_mp:
src/main/onep_dpss_engine.c:1482: cft_handle_packet() returned error [2]:out of memory
Packets associated with flows greater than 50000 do not have the flow action applied and are returned to the router without being sent to the onePK application.
Conditions:
- ASR 1000 platform running IOS XE
- More than 50000 uni-directional flows established
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: * | 15.2(1)IC273.212, 15.2(3)E1, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.5(1)S0.7, 15.5(1)S1, 15.5(1)SN1, 15.5(1.18)S0.5, 15.5(1.8)T |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq77051 | Title: | out of ids when configuring xconnect |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Attempting to create or modify a xconnect context using the command
l2vpn xconnect context command may fail with the
error message:
%IDMGR-3-INVALID_ID: bad id in id_get (Out of IDs!) (id: 0x0)
Conditions:
This symptom has been observed after entering and exiting xconnect
context sub-modes many times (over 65000) over an extended period of
time.
Workaround:
There is no workaround. Once this error occurs, the router must be
reloaded.
Further Problem Description:
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: * | 15.3(3)S4.2, 15.3(3)S5, 15.4(3)M2.1, 15.4(3)M3, 15.4(3)M3.1, 15.4(3)S0.7, 15.4(3)S1, 15.4(3)S2, 15.4(3)SN1a, 15.5(0.18)S0.6 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus43594 | Title: | rp crash when cleanup vpls scale configuration |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | RP crashed when doing config replace with a cleanup config.
Symptom:
Conditions:
Scale vpls bgp signaling config.
Workaround:
No.
Further Problem Description:
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.3(3)S5.1, 15.3(3)S6, 15.4(3)M2.1, 15.4(3)M3, 15.4(3)M3.1, 15.4(3)S2.1, 15.4(3)S3, 15.5(1)S0.10, 15.5(1)S1, 15.5(1)SN1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue49808 | Title: | PTA router crashes on configuring unclassifed mac-address |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Traceback followed by IOSD crash while loading a config file from a tftp: directly into running-config
Conditions:
On applying intiator unclassifeid mac-address command
Workaround:
Copy config file to a file on a local resource (e.g. nvram:, flash:, harddisk:) and apply from the local file.
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: * | 15.1(1)IC66.63, 15.1(1)ICA4.122, 15.1(1)ICB29.36, 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(1.1)PSR, 15.2(2)E |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv01168 | Title: | SPA-2XCT3/DS0 controller is not coming up on fresh reboot. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
While testing with the mcp_ceop_t3t1_cem_func functionality the serial interface was not able to up..
Conditions:
Issue is seen with asr1k platform
Workaround:
Can Make the serial interface up by giving no shut again to the other end which was already in no shut mode
..
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.5(3)S1.4, 16.2(0.195) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux55692 | Title: | TCAM Errors in NL11k TCAM of Fixed Ethernet Linecards |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Intermittent packets loss on Fixed Ethernet Linecards[ASR1000-6TGE/ASR1000-2T+20X1GE]
Conditions:
This intermittent packet loss is due to TCAM Mismatch error counters. TCAM mismatch counters can be seen using "test hw-module subslot 0 np4c stat 1" CLI under SPA console of the linecard.
Workaround:
Reload of the linecard using "hw-module slot reload"
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: * | 15.5(3)S1.4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux65145 | Title: | ASR1K-REST API-ACL: Portnumbers in access-lists are returned incorrectly |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: * | Symptom:
ASR1k-REST API feature, when we perform the JSON GET for the ACL, we see port number reported wrongly in the JSON.
Conditions:
Getting info about the ACL configured on the router via REST API.
Workaround:
N/A
Further Problem Description:
N/A
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv94186 | Title: | SNMPWALK crash at ipsmIPSec_policyOfTunnel |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
SNMPWALK crash at ipsmIPSec_policyOfTunnel
Conditions:
SNMPWALK crash at ipsmIPSec_policyOfTunnel
Workaround:
Workaround: Configure SNMP view to exclude
"snmp-server view iso included"
"snmp-server view ipSecPolMapTable excluded"
"snmp-server community view RO"
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S2, 15.3(3)S4, 16.2(0) |
|
Known Fixed Releases: * | 15.5(3)S1.4, 15.6(0.22)S0.2, 15.6(0.26)T, 15.6(1)S, 15.6(1.12)S, 15.6(1.2)T, 15.6(1.9)T0.1, 15.6(1.9)T0.2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut96933 | Title: | ASR1K ucode crash seen at mpls_icmp_create |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device.
The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device.
Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-iosxe
Note: The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html
Conditions:
Refer to the security advisory
Workaround:
Refer to the security advisory
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/5.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-6282 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 29-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S5.1, 15.4(3)S |
|
Known Fixed Releases: | 15.2(4)S8, 15.3(3)S6, 15.4(3)S3, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh43094 | Title: | IOSd crash while configuring 'tunnel destination' on existing tunnel |
|
Status: | Terminated |
|
Severity: | 2 Severe |
Description: * | Symptom:
IOSd (RP) crash with UNIX-EXT-SIGNAL: Segmentation fault(11)
Conditions:
Crash happens while configuring 'tunnel destination' on existing tunnel with QoS policy configured on that tunnel.
Workaround:
Remove the tunnel and reconfigure it completely.
More Info:
|
|
Last Modified: | 30-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu75176 | Title: | Multiple AN values for Rx SA observed in show macsec status |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:Multiple AN values observed in show macsec status during CAK REKEY with P2MP scenario when the peers of the same Secure Connectivity Association are hosted with same keychain on a box.
Conditions:The issue is seen when the peers of the same Secure Connectivity Association are hosted with same keychain on a box and a CAK-rekey is triggered by adding a new valid key.
Workaround:Hosting the P2MP peers of a CA in different boxes.
|
|
Last Modified: | 30-DEC-2015 |
|
Known Affected Releases: | 15.5(3)S, 15.6(1)S |
|
Known Fixed Releases: * | 15.5(3)S1.4, 15.6(0.22)S0.10, 15.6(1.17)S0.4, 16.2(0.213) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux35719 | Title: | ASR1K QFP crash with SSLVPN |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
An ASR1000 series router may exhibit an unexpected crash in the QFP ucode (cpp-mcplo-ucode) process.
On a modular chassis, this will result in a reload of the active ESP module and a switchover to the standby (if one is present). On an integrated chassis (ASR1001[-X], ASR1002-X) the entire chassis will reload.
Conditions:
This has been observed with the SSLVPN feature configured while running IOS-XE release 03.16.01a.S. The crash appears to occur due to a race condition between threads while processing TCP Selective ACK (SACK) messages from an SSL VPN client.
Further, exact conditions are not currently known.
Workaround:
Not known at this time.
Further Problem Description:
|
|
Last Modified: | 01-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S, 15.5(3)S0.18 |
|
Known Fixed Releases: | 16.3(0.6) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux37457 | Title: | P1 power supply shows as "ps, fail" status on 13RU |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
P1 power supply shows as "ps, fail" status from "show platform" on 13RU chassis
Conditions:
Problem shows up w/ asr1000rp2-adventerprise.03.16.01a.S.155-3.S1a-ext.bin or asr1000rp2-advipservices.03.17.00.S.156-1.S-std.bin
Workaround:
"sh platform hardware slot P1 mcu status? or "sh platform hardware slot P1 fan status? can be used to monitor status of the PS.
Further Problem Description:
|
|
Last Modified: | 26-DEC-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 16.2(0.218), 16.2(0.227) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux68796 | Title: | CPU usage 100% when do get-next entStateStandby on ASR1001-X |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
on ASR1001-X which running 15.6(1)S, when doing get-next on PC to consistently get value of "entStateStandby", CPU usage will go up to 100% and cause system hang.
Conditions:
platform:ASR1001-X
IOS:15.6(1)S
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 28-DEC-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw39062 | Title: | ASR1K: temperature sensor threshold values are showing wrong |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Temperature sensor threshold values are showing wrong for CC slots.
Conditions:
Checking sensors on ASR1K
Workaround:
none
Further Problem Description:
none
|
|
Last Modified: | 29-DEC-2015 |
|
Known Affected Releases: * | 15.4(3)S, 16.2(0) |
|
Known Fixed Releases: | 16.2(0.166) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux01038 | Title: | TCA cannot be reported when MMA report a loss over threshold |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
TCA cannot be reported when MMA report a loss over threshold
Conditions:
When I run the script PfRv3_Timer_and_threshold and PfRv3_verify_CSCut61094 together ,the PfRv3_verify_CSCut61094 will be failed because there is not Loss TCA reported when there is big loss reported by MMA.
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 30-DEC-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.5(3)S1.5 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv77117 | Title: | Interface ip address change overrides policy config |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The crypto policy state changes from its manually configured shutdown state to 'no shutdown' state automatically if we change the IP address of the interface linked to it
Conditions:
With crypto ssl policy in shutdown state, if I change the IP address to which the policy is linked to, the policy automatically changes to 'no shutdown' state
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 30-DEC-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.5(3)S1.5, 15.6(0.15)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj28985 | Title: | FP100 Crash during Multiple PPP ATM Session Flaps |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
FP Crash during Multiple PPP(PTA/LNS) Session Flaps
Conditions:
"subscriber accounting accuracy" is enabled
Workaround:
No
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S1, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj62858 | Title: | NAT tables are cleared when unconfiguring unrelated NAT rule |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Active NAT tables in a VRF are cleared unexpectedly
when unconfiguring a static NAT belonged to other VRF.
Conditions:
The problem happens when following conditions are met.
- 'network' option is used in the NAT rule.
- The NAT rule which is to be unconfigured has overlapped local/global addresses
with other NAT rules.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S2.1 |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd72416 | Title: | REI: ASR1k observing VFR tracebacks during test of malformed fragments |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
An error message with a traceback is observed on router console that has the format, %FRAG-3-REASSEMBLY_DBG: Reassembly/VFR encountered an error: VFR failed at refrag:, first fragment length 370, non-first frag total length 608. The length values may change depending on the actual fragmented packets received by the router.
Conditions:
The ip virtual reassembly (VFR) feature is enabled on the interface that receives malformed fragmented packets. VFR drops such problem packets as they cannot be correctly processed and generates the error message as a warning.
Workaround:
Disable the source of the malform fragments or disable VFR feature. Otherwise there is no other workaround.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XND4, 12.2(33)XNF1, 15.0(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq68436 | Title: | ASR1K RomTelecom EFT - with QPPB ingress "match qos-group" fails |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On the ASR 1000 Series Router the 'match qos-group' applied to an input interface does not work. No traffic will actually match the qos-group.
Conditions:
'match qos-group' applied to an input interface.
Workaround:
None.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsr22845 | Title: | Ping with MTU+1 bytes fails w/ MLPPP if ip virtual-reassebly enabled |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Packets generated by local RP which are largered outgoing interface's MTU may be dropped after initial 15 packets. The problem can be observed by ping out large packets.
Conditions:
IP virtual reassembly (VFR) is enabled by CLI or features such as NAT on the outgoing interface. Packets are locally generated by RP.
Workaround:
Disable VFR on the outgoing interface by "no ip virtual-reassembly".
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2XN, 2.2(0) |
|
Known Fixed Releases: | 12.2(33)XNB2, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy96344 | Title: | ucode crash @ ipv4_nat_flush_ports on doing clear ip nat translations * |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
A reload may occur.
Conditions:
When doing a 'clear ip nat trans *' when running an overload configuration with extremely high scaling.
Workaround:
There is not workaround. Fix expected with 2.3.2.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy29599 | Title: | qos pre-classify not working on V6 tunnel interface |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Qos Pre-classify not working on V6 tunnel interface.
Conditions:
Enabling Qos Pre-classification on IPV6 tunnel interface is not working.
Workaround:
None.
Further Problem Description:
Qos pre-classification functionaltiy will not work on Ipv6 tunnel interface.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNC0a, 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz34491 | Title: | ASR1K:VFR crash at ipv4_vfr_egress |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
When NAT is configured on ASR and ip virtual reassembly is disabled on ingress interface - the ASR router may experience a crash with special ALG packets which have out of order fragments.
Conditions:
With invalid configuration with NAT, where ip virtual reassembly is disabled on ingress interface, ASR may crash with some special SIP ALG packets.
Workaround:
Configure IP virtual ressembly on ingress interface.
Further Problem Description:
None
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta95969 | Title: | ASRNAT: pool depletion with PAT configure and pure IP traffic |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
pool address depletion
Conditions:
ASRNAT pool address depletion occurs when running using PAT with pure IP traffic.
Workaround:
Configure ACL to drop pure IP traffic on NAT inside interfaces
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc21343 | Title: | nat service fullrange not working properly |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ip nat serv fullrange command not working proper at all for address which were allocated previous to the configuration of the fullrange command.
Conditions:
ip nat serv fullrange command not working proper at all for address which were allocated previous to the configuration of the fullrange command.
Workaround:
Issue a 'clear ip nat trans *', will trigger the fullrange command to work properly
Further Problem Description:
Expect fix in 2.5.1
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNF |
|
Known Fixed Releases: | 12.2(33)XNE1, 12.2(33)XNF |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq01350 | Title: | ATTN-SYN-TIMEOUT with IPsec tunnel mode traffic |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Some error messages, such as ATTN-SYNC-TIMEOUT may be displayed on the console while running some IPsec load tests.
Conditions:
IPsec site-to-site tunnel setup between MCP and any other IPsec peer.
Workaround:
Avoid IPSec stress/load conditions due to failure
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq56290 | Title: | L2 MAC address is programmed wrong in GLBP hello packets |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom: GLBP hello packets set incorrect src MAC address
Conditions: when GLBP is used on ASR1000
Workaround: None
Further Problem Description: This bug is fix in this ddts starting in RLS1 throttle branch.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd72127 | Title: | WCCP redirects IP packets destined to unreachable hosts (no route) |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
WCCP redirects IP packets with no routes (redirects packets irrespective of Destination is reachable or not).
Conditions:
If a WCCP service is applied on an interface, all packets that matches that service will be redirected to Cache Engiine.
Workaround:
None
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND3, 12.2(33)XNE2, 12.2(33)XNF |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx98529 | Title: | Low Memory to Bind NAT-3-HA_COULD_NOT_CREATE_BIND |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
A message such as NAT-3-HA_COULD_NOT_CREATE_BIND appears or abnormally large memory usage is noticed on ASRNAT on the the standby.
Conditions:
This condition may occur when running ASRNAT with intrabox redundancy and running large amounts of traffic of non-standard IP protocols (i.e. not UDP, TCP, ICMP or ESP).
Workaround:
There is no workaround, but the problem should be resolved in 2.3.1.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh35033 | Title: | GTP v0 update failure |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
V0 Update failed to create tunnel and can't release the pdp
Conditions:
create v0, update to v1, then update back to v0
Workaround:
More Info:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb31663 | Title: | Translation fails for DNS pkts with dynamic route-map+overload config |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
NAT allocates the same IP address from a pool in case of overload configuration, when several DNS replies pass through from the inside to outside interface, with different local addresses.
This means when outside DNS clients query for different hostnames, they receive the response of a DNS message with the same ip address.
Conditions:
The problem is seen with route-map + overload configuration
Workaround:
None
Further Problem Description:
The problem has been fixed in RLS 2.4.2
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy80662 | Title: | 15kOSPF pkt multicast destined recvd on GRE tun on ASR with NAT crashes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ASR1000's FP may crash and the backtrace decode shows pbuf alloc failure. When the problem happens, error message MEM_MGR-3-MALLOC_NO_MEM, is displayed and its traceback decode points to the pbuf alloc failure.
Conditions:
Fragmented packets are destinated to the router and becomes large packets of size much lager than 9216 bytes, after reassembly. These large pacekts come in at a relatively high rate.
Workaround:
None.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNB |
|
Known Fixed Releases: | 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq47375 | Title: | FW: runtime counters not shown |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:"show plat har qfp active fea fir run" command does not show counters correctly
Conditions:any time after FP is up and fwall is configured, run the show command
Workaround:N/A
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 1.1(0), 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCte57932 | Title: | uSBC6: H323 to SIPP Calls fail no RTP pkts SIP to H323 direction |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
About 10% of the calls will fail with one way audio.
Conditions:
SIP Endpoints behind a NAT who are called from a H323 trunk can see about 10% of the call fail with one way audio.
Workaround:
no work around.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2(33)XNE, 12.2(33)XNF |
|
Known Fixed Releases: | 12.2(33)XNF1, 15.0(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtf40199 | Title: | ASR NAT: DNS ALG TTL not changed for same pre/post static config |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
A DNS response going through NAT ALG will not have the payload TTL changed 0 for same pre/post static config
Conditions:
DNS response going through ASR1K static NAT router running 12.2(33)XND02 release
Workaround:
none
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND2 |
|
Known Fixed Releases: | 12.2(33)XND4, 12.2(33)XNF1, 15.0(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq59094 | Title: | CPP-NAT:Dyn RMAP drop packets with existing sess after FP switchover |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
With ASR1000 NAT when using an routemap configuration after FP switchover packets are dropped for existing sessions. This only occurs if a NAT mapping has been removed and then added.
Conditions:
Described above.
Workaround:
If using routemap configuration and NAT HA, reset the router after you have removed and then added a the NAT rmap mapping.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNA1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq82690 | Title: | some pkts classified to wrong crypto queue during rekey |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptoms: Higher than expected latency may be seen for some priority packets through an interface with IPSec enabled.
Conditions: During IPSec rekey events some high priority packets may be enqueued behind low priority packets awaiting encryption.
Workaround: Increasing the rekey interval can reduce the frequency of, but not completely resolve this issue.
Increasing the rekey interval is achieved using the command 'set security-association lifetime kilobytes|seconds '
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNA |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta12360 | Title: | ASR1K:unconfiguring max-entries during traffic does not throw error mess |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ASRNAT Limit count may be falsely set to 0 after clear ip nat trans and then change of limit maximum value and under low traffic conditions.
Conditions:
ASRNAT Limit count can be falsely set to 0 after clear ip nat trans and then change of limit maximum value and under low traffic conditions.
Workaround:
Do not issue 'clear ip nat trans' before changing maximum count for a limit.
Further Problem Description:
fix targeted for 2.4.2 and later
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx27429 | Title: | ASR1K:NAT:interface PAT only allocating 1000 port |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
With PAT on an interface aka Interface overload configured, the ASR NAT may only be create
1024 TCP and 1024 UDP sessions.
Conditions:
In a customer environment that uses a Interface overload the ASR NAT may be limited to 1K UDP and 1K TCP sessions.
Workaround:
The workaround is to use a PAT with a pool and not overload on Interface
address.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso98929 | Title: | Error message on IOSD switchover with NBAR |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
The error messages are seen if there is NBAR configuration in place during a
RP switchover.
Conditions:
NBAR configuration in place and NBAR traffic were running while RP switch
over.
Workaround:
None.
Further Problem Description:
The error trace has no functional impact, but is only informational.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx44316 | Title: | CPP-NAT: 3rd party embedded addr translation failure with map overload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
When an inside mapping is configured with "overload" keyword, applications may fail.
Conditions:
Workaround:
Further Problem Description:
The problem exists when an embedded IP address in the application payload is different from that of source or destination IP address in the IP header during an application session setup.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNB |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc16651 | Title: | IPsec drops packets sized more than 9126 bytes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Packet size greater than 9126 bytes is dropped by CPP
Conditions:
Traffic with packet size greater than 9126 bytes
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XND3, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx67820 | Title: | NO debug plat ha qfp act fe fir da g <> results to flooding o info cpp |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
After "no debug platform hardware qfp active feature firewall datapath global all detail" command is issued, there might be a lot of messages flooding the console.
Conditions:
When firewall is configured in the system.
Workaround:
Don't use the command to avoid message flooding.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta27295 | Title: | ASR1K:Ucode crash@ipv4_nat_find_port when high PAT scaling |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR may reload with dyn nat overload
Conditions:
Reload may occur in rare conditions after ASR NAT overload run with extremely high scaling.
Workaround:
No Workaround
Further Problem Description:
Problem fixed in 2.4.1 and later releases
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx61254 | Title: | QFP-NAT:ucode crashes with high rate of session add and delete |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
QFP may reload.
Conditions:
When running ASR NAT Overload with an extremely high setup and tear down rate.
Workaround:
Thus far this problem has only been seen when a time value has been set to 1; do not set timeouts
less than 60 seconds.
2.3.1 is targeted for fix.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy60604 | Title: | CPP-NAT: CPP crashed during mapping deletes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ASRNAT may cause a reload to occur.
Conditions:
ASRNAT may cause a reload to occur, when deleting a mapping with a routemap which has existing sessions.
Workaround:
Do a 'clear ip nat trans *' before removing NAT mappings. It would be safer to also remove NAT from the interfaces so new sessions can not be created during removal.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd69478 | Title: | Traffic drops on clear ip nat with 50k NAT outside + 300 NAT inside trln |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
In rare circumstances frames that should be NATTed are note.
Conditions:
ASRNAT these symptoms can occur when there is a very high creation rate and the configuration requires the creation of both a inside static and outside static binding, this can lead to a full translation which is not correct.
Workaround:
Clear the translation that was created, but not correct.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNF |
|
Known Fixed Releases: | 12.2(33)XND3, 12.2(33)XNE2, 12.2(33)XNF |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx53533 | Title: | ASR1K:Ucode crash@chunk_free_part1with NAT pool overload configured |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Ucode crash seen with NAT pool overload configured
Conditions:
When NAT pool overload is configured with high rate of session addition and deletion, ucode crash might be seen
Workaround:
No Workaround
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz09147 | Title: | MCP IPv6 Conformance: No Echo Reply for Request with Next Header field 0 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
If Echo Request packet having Hop-by-Hop Options header with a Next Header field of zero is sent to the router, it should respond with NS and ICMPv6 Parameter Problem message, according to RFC 2460. The router doesn't respond with either of them.
Conditions:
This is an ipv6 conformance issue, occurs with any standard ipv6 configuration. The image with which it was seen is: asr1000rp1-adventerprisek9.BLD_MCP_DEV_LATEST_20090512_072417.bin
Workaround:
No known workaround.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2(33)XNC, 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNF, 12.2(33.1.1)XNF1, 12.2(33.1.2)MCP7, 15.1(1)MR6, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S2, 15.1(3)S5 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb40908 | Title: | MLP Priority packet latency increase when Bundle Flow Control invoked |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
During periods of MLP bundle over subscription, the latency of priority traffic becomes higher than expected.
Conditions:
During periods of sustained MLP bundle over subscription (input data rate greater than the MLP bundle available transmit bandwidth), the latency of priority traffic becomes higher than expected due to priority traffic buildup in the priority queues.
Workaround:
One possible workaround is to limit the maximum depth of the priority class queue using the "queue-limit" command.
Since sustained over subscription should not be a "normal" condition it is not likely that this workaround should be necessary.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsr12977 | Title: | Ingress Netflow on Mcast traffic results into same src/dst cache entry |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Netflow on the ASR1000 series will collect and export/display multicast v4 flows with an incorrect destination interface.
Conditions:
This issue occurs when v4 ingress Netflow is processing multicast flows. The destination interface will be incorrectly reported in collected flows.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN1 |
|
Known Fixed Releases: | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx47291 | Title: | "show ip nat statistics" not showing the "hits" properly. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Hit and Miss counter always zero in 'sh ip nat stat' for ASR NAT.
Conditions:
Hit and Miss counter always zero in 'sh ip nat stat' for ASR NAT.
Workaround:
No workaround. Fix scheduled for 2.3.1
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz51243 | Title: | NAT reassembled packet not fragment when VFR is off on ingress |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
When fragments entering ASR with NAT ingress and egress configured, seem to come out of ASR as reassembled packets - and ingress virtual reassembly has been manually disabled.
Conditions:
When NAT ingress and egress is configured, VFR is automatically enabled on ingress and egress interfaces. If VFR is disabled from ingress interface manually, then fragments entering the ASR router will go out as reassembled packet from egress interface instead of getting fragmented as original fragments that entered the ASR.
Workaround:
Configure VFR on ingress interface again.
Further Problem Description:
Disabling VFR on ingress interface prevents fragmentation at egress interface.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb06861 | Title: | ATTN-3-SYNC_TIMEOUT:msecs since last timeout 742317, missing packets 2 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Logging message is seen as "ATTN-3-SYNC_TIMEOUT:msecs since last timeout 742317, missing packets 2".
Conditions:
Router receives fragmented SIP packets and NAT is enabled, so that virtual reassembly feature reassembles such packets.
Workaround:
No. There has not been functional impact reported.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta25759 | Title: | non TC service accounts wrongly all packets |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
all packets, including the dropped packets which are not sent on the wire, are being accounted for.
Conditions:
this is happening for non traffic services under ISG
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso81631 | Title: | Session count goes wrong on standby FP with high session churn rate |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Firewall session count may be inaccurate on standby ESP with high session churn rate.
Conditions:
When a large amount of TCP sessions go up and down at high rate, such as 20K /sec, the session count on the standby ESP goes up. This problem does not exist on the active ESP.
Workaround:
The session count could be misleading but no service impact. Users can reference session counts on both ESPs to determine the inaccuracy.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2, 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq01759 | Title: | ipsec on tunnel int. with NAT box in the middle doesn't work |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
When IPsec tunnel is configured between an ASR1000 and a remote peer using tunnel interface through a network address translation (NAT) device, ASR1000 drops UDP encapsulated encrypted packets
This issue is affecting the following features:
ipsec/gre with nat
dmvpn with nat
vti with nat
Conditions:
ASR1000 should decrypt the UDP encrypted packets
Workaround:
Do not configure IPsec on tunnel interfaces.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: * | 12.2XN, none |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc02014 | Title: | HSL data logging stops sending data to collector after router reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
HSL (High speed logger) stops sending data to the collector after router reload. Rather, logs are sent to the console via syslog.
Conditions:
This symptom is observed on a 6RU(ASR1006) with HSL and Firewall configured.
Workaround:
Unconfigure and configure HSL again will fix the problem.
Further Problem Description:
The problem only occasionally happens on certain boxes because it depends on the order of events during router boot up, which is somewhat non deterministic.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: | 12.2(33)XNF |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsr66075 | Title: | SPA_CHOC_DSX-3-HDLC_CTRL_ERR running FR/FRF.12 on CT3 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
An ASR1000 series router running an FRF.12 config indicates the following error:
Jul 30 14:07:03.736 EST: %SPA_CHOC_DSX-3-HDLC_CTRL_ERR: SIP2/0: SPA 2/0: 5 TX Chnl Queue Overflow events on HDLC Controller were encountered.
Conditions:
This is seen on FR interfaces where a large percentage of the traffic being sent is fragmented, but there are also period of non-fragmented (priority) traffic. In the cases where this message is seen, packets have been dropped.
Workaround:
No workaround is required, the message is an indication that packets have been dropped due to an overrun condition. No other action is needed, the router will self recover.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2, 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNB1, 12.2(33)XNC, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc36654 | Title: | QFP-NAT:show ip nat stat counter is non-zero after all sessions timeout |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Dynamic half entries are sometimes not appropriately aged out on ASRNAT.
Conditions:
The above condition occurs when a large number of half entries are aged out at the same time. This can most likely be seen when the following is configured: 'ip nat trans timeout '
Workaround:
If you have 'ip nat trans timeout ' configured, unconfigure it (i.e. 'no ip nat trans timeout ');
Further Problem Description:
Fixed in 2.4.2 and later
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XND2, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsq67130 | Title: | NAT:Active FP Crashes when bootup standby FP |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ASR1000 active FP crashes when NAT is configured, NAT is actively using 500,000 addresses and an HA switchover occurs.
Conditions:
Described above in Symptom
Workaround:
ASR1000 NAT works best with active address scaling of 50,000 or less.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN, 2.2 |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtg97100 | Title: | MLPPP Multilink interface stops forwarding traffic after link lost |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Traffic forwarding on a multiple member link MLPPP Multilink bundle stops after one of the member links goes down while traffic was being sent on the bundle at a high data rate.
Note that this issue only existed in the 12.2(33)XND and prior release trains. This issue did not exist in 12.2(33)XNE and beyond.
Conditions:
While forwarding data at high data rates on a MLPPP Multilink bundle, if one of the member links becomes congested and then goes down or is removed from the MLPPP Bundle before the congestion stated is cleared the congestion state of the MLPPP bundle interface may not get cleared and traffic forwarding in the egress direction stops on the bundle. When this occurs all traffic forwarding from the Multilink interface stops and eventually traffic waiting to be transmitted begins to get tail dropped by QoS.
"show interface " would indicate no output packets and "show policy-map interface " would likewise indicate tail drops as well as queue depth buildup.
In addition to the problem being seen following a MLP member link going down it has also been seen as a result of a member link going down as a result of a SIP or SPA card being removed/reinserted on which a member link resides.
Workaround:
A "clear interface |
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: | 12.2(33)XND4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtf27981 | Title: | traceback observed@ipv4_nat_add_static_cfg on changing net mask |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASRNAT static network does not work properly or traceback may be received on configuration on unconfiguration
Conditions:
This occurs only if 2 static networks are configured exactly the same except for network mask.
Eg.
ip nat inside source static network 10.1.0.0 10.2.0.0 /24 vrf vrfA
ip nat inside source static network 10.1.0.0 10.2.0.0 /16 vrf vrfA
Workaround:
Do not configure 2 static networks exactly the same except for network mask. If you do, it is recommended that you do the following:
1) remove both static network configuration
2) add back the 1 static network which is truly desirable.
3) that should work, but if it does not reload the box.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: | 12.2(33)XND4, 12.2(33)XNF1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy30796 | Title: | ASRNAT: clear ip nat trans does not clear allhost data |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
With ASRNAT 'clear ip nat trans *' does not clear the allhost limit data.
Conditions:
With ASRNAT 'clear ip nat trans *' does not clear the allhost limit data.
Workaround:
There is no workaround. Fix in 2.3.1 and later releases.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc61823 | Title: | Ingress CPP uCode crash with MLP due to Invalid QID |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ASR1K FP would report an error similar to the following and also restart the active FP.
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0 desc:ETC_ETC_LOGIC1_LEAF_INT_INT_ETC_LKUP_DATA_ERR det:DRVR(interrupt) class:OTHER sev:FATAL id:2687 cppstate:STOPPED res:UNKNOWN flags:0x7 cdmflags:0x0
%CPPHA-3-FAULTCRASH: F0: cpp_ha: CPP 0 unresolved fault detected, initiating crash dump.
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0 desc:PQS_PQS_LOGIC1_INTR_LEAF_INT_INT_INSTALL_DISABLE_Q_ERR det:DRVR(interrupt) class:OTHER sev:FATAL id:4378 cppstate:STOPPED res:UNKNOWN flags:0x7 cdmflags:0x0
%CPPHA-3-FAULTCRASH: F0: cpp_ha: CPP 0 unresolved fault detected, initiating crash dump.
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0 desc:RC_KEY_RC_KEY_CSR_RCS_KEY_LEAF_INT_INT_RCSKEY_QED_FIFO_UNDERFLOW det:DRVR(interrupt) class:OTHER sev:FATAL id:4311 cppstate:STOPPED res:UNKNOWN flags:0x7 cdmflags:0x0
The key error of interest being the: PQS_PQS_LOGIC1_INTR_LEAF_INT_INT_INSTALL_DISABLE_Q_ERR
error indication.
Conditions:
This problem has only been seen thus far with a large scale MLP configuration
(several hundred bundles) with over subscribed traffic to the Multilink PPP (MLP)
bundles as well as a high rate of MLP fragmented traffic on the MLP receive
interface.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XND3, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtx59316 | Title: | Punts for incomplete adjacency should bypass CoPP |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
A packet punt to RP due to incomplete adjacency gets processed by CoPP. This
makes CoPP complex, because these punted packets are not directed to the system
itself and requires the CoPP to be opened up.
Conditions:
This is seen with 3.5.2S and similar release and by current design.
Workaround:
As workaround the CoPP need to be changed to allow the punted packets.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.2(1)S |
|
Known Fixed Releases: | 15.2(4)S3, 15.3(1)S1, 15.3(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz27964 | Title: | Firewall should NOT drop ICMP Dest Port Unreachable pkts for ICMP pass |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ICMP Dest Port Unreachable packet is dropped when the firewall action for ICMP is pass
Conditions:
The ICMP Dest Port Unreachable packet will be generated if the destination port is not available. However, the current firewall inspect action would drop such ICMP packet. When the pass action is configured to workaround this limitation, the ICMP Dest Port Unreachable packet is still gets dropped
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC2, 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy48878 | Title: | MC NAT out2in performance much worse than in2out |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
IT was observed that MC NAT one OIF out to in performance was much worse than in to out performance.
Conditions:
This performance defect has been there from day one and was due to inefficient address binding mechanism as compared to that used in in to out direction.
Workaround:
No workaround for this performance issue.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx50835 | Title: | Deleting more than 256 mappings causes FP reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
Deleting more than 256 NAT mappings will cause FP to reload
Conditions:
NAT Configuration delete with configuration having more than 256 mappings.
Workaround:
No workaround available.Fixed in releases after RLS3.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCso38880 | Title: | CPP-ALG:NAT with Route-Map:SIP and Skinny IN-to-IN call failed |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom: When Dynamic NAT Overload (PAT) or Dynamic NAT using Route-Map
is configure, SIP and Skinny Inside-to-Inside calls might fail.
Conditions: When SIP or Skinny end-points register to a Call Manager thru a NAT router using ALG, calls between inside end-points might fail if PAT or NAT using Route-Map is configured in the NAT Application Layer Gateway.
Workaround: Use Static or Dynamic 1-1 NAT (except Route-map).
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN, all |
|
Known Fixed Releases: * | 12.2(33)XNB, 3.9.0.6i.LC |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta42491 | Title: | VRF AWARE ASRNAT Ucode crash after ESP switchover during Longevity Run |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * |
Symptom:
ASR may reload.
Conditions:
ASR may reload after an ESP switchover in rare cases with very high session scaling in ASRNAT.
Workaround:
There is no workaround
Further Problem Description:
Problem fixed in 2.4.1 and later releases
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu48458 | Title: | ASR1k/15.4(3)S QinQ frames are dropped under "TCAM Failure Drops" |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
QinQ frames are dropped
Conditions:
QinQ accross EoMPLS pw
Workaround:
unknown yet
Further Problem Description:
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.5(2.2)S |
|
Known Fixed Releases: * | 15.4(3)S4.7, 15.5(3)S1.2, 15.6(0.22)S0.8, 16.2(0.213) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue74708 | Title: | destination-glean recovery not shown in show snoop policy command |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:In ipv6 snooping policy, destination-glean recovery not shown in show ipv6 snooping policy command, while the data-glean recovery is shown in show ipv6 snooping policy command
Conditions:In ipv6 snooping policy, destination-glean recovery not shown in show ipv6 snooping policy command
Workaround:user can check the destination-glean recovery use show running command.
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.2(1)E, 15.3(2)S |
|
Known Fixed Releases: * | 15.1(1)IC66.63, 15.1(1)ICA4.122, 15.1(1)ICB29.36, 15.2(2)E, 15.2(2)E1, 15.2(2b)E, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(2.13)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc43160 | Title: | fhs-ask1k dynamic Binding Table number not include dhcp prefix entry |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom: dynamic binding table number wrong,dhcp iapd prefix entry not count by dynamic, but by total number
Conditions:enable prefix-glean from dhcpv6-pd,
Workaround:none
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: * | 15.1(1)IC66.63, 15.1(1)ICA4.122, 15.1(1)ICB29.36, 15.2(2)E, 15.2(2b)E, 15.2(4.0)ST, 15.2(4.0.64a)E, 15.2(5.0)ST, 15.3(2.13)S, 15.3(2.15.1)XEB |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw33328 | Title: | IOS-XE: ZBF + dVTI + Default Zone, IOS doesn't do VFR |
|
Status: | Open |
|
Severity: * | 3 Moderate |
Description: | Symptom:
VFR is not enabled in default zone with dynamic tunnel and ZBF (e.g. DMVPN).
A symptom of the above is packets that need reassembly due to fragmentation to get dropped with an error similar to the one below:
Dropping udp pkt from internal0/0/rp:0 10.1.1.1:161 => 192.168.0.1:41706(target:class)-(none:none)
due to Invalid L4 header with ip ident 11197
SPOKE#show policy-firewall stats platform
...
--show platform hardware qfp active feature firewall drop--
-------------------------------------------------------------------------------
Drop Reason Packets
-------------------------------------------------------------------------------
Invalid L4 header 1241 <---
Conditions:
Default zone is enabled
Workaround:
Enable "ip virtual-reassembly-out" under interface
Further Problem Description:
|
|
Last Modified: | 21-DEC-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw75310 | Title: | ASR1K: abnormal config for cfm offload sampling |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR1K: abnormal config for cfm offload sampling
Conditions:
1. config MEP with 100ms , 2000 offload sampling;
2. modify 100ms to 1s;
3. show cfm config.
4. offload sampling defined with 1s CCM, this is not expected behavior.
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.6(1)S, 16.2(0) |
|
Known Fixed Releases: * | 15.6(1.12)T, 15.6(1.17)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw41346 | Title: | ESP packets discarded during re-key with static NAT on ASR1k |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Traffic loss through IPSEC tunnels (at the time of Phase-2 rekey). After the re-key, the NatIN2out drop counter is seen to increment on the router performing the ESP NAT:
BGL.I.06-ASR1000-1#sh plat hardware qfp active statistics drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
NatIn2out 5 670 <<<<<<<<< NatIN2out drops
Conditions:
NAT is implemented in such a way that the Tunnel end points are not aware of it, therefore, NAT-T does not come into picture and the VPN endpoints do not encapsulate ESP into UDP\4500.
Workaround:
Deploy NAT in a way that the tunnel end points detect the NAT in between using NAT-Detection and hence encapsulate the ESP into UDP\4500 to avoid NAT ESP processing on the NAT routers.
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S4 |
|
Known Fixed Releases: * | 15.5(3)S1.4, 15.6(1.10)S, 16.2(0.177) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv12943 | Title: | Add cli support to enable cepThroughputNotif trap |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
To enable cepThroughputNotif trap for the crypto throughput notification for exceeding the threshold and max bandwidth.
Conditions:
Trying to enable the trap using cli, cli is not available.
Workaround:
Use snmp set on cepThroughputNotifEnabled object to enable the trap.
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: * | 15.5(3)S1.4, 15.6(0.16)S, 15.6(1.4)S, 16.2(0.187) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv75254 | Title: | Errors observed when reloading SSL-GW with multi policies with same VRF |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Reloading a SSL-GW with multiple policies using interfaces from the same VRF results in 'ERROR: Two policies cannot have the same ip address, port and vrf configuration' message on the console post reload
Conditions:
SSLVPN headend has multiple SSL policies. Each of these policies use different interfaces, but the interfaces are part of the same VRF. With such a condition, if we reload the router, the router complains when booting up stating: '%ERROR%: Two policies cannot have the same ip address, port and vrf configuration'
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 23-DEC-2015 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.5(3)S1.4, 15.6(0.14)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj29429 | Title: | Add new FP100 FPGA image |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
FP100 test CPLD image with versioin 13012900 is added in hw-programmable package.
Conditions:
The FP100 test CPLD will be installed when the CPLD is upgraded.
Workaround:
Do not upgrade FP100 CPLD.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui01834 | Title: | FP200 crash and TB on session bringup for BNG Profile11a_58k_LNS |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
FMAN-FP crash may occur while broadband sessions are torn down
Conditions:
When a large number of broadband sessions are being torn down, there is a possibility of a crash in FMAN-FP.
Workaround:
None
Further Problem Description:
None
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum11084 | Title: | ASR1K WCCP support for MPLS VPN |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
WCCP can redirect packets to WAE correctly, but GRE return packets from WAE are droped by ASR1k.
"show platform hardware qfp active statistics drop" shows that the drop cause is TunnelUnsupportedConfig
Conditions:
1. configure WCCP on PE router of a MPLS VPN network
2. WAE is connected to WCCP router through MPLS VPN network
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum69887 | Title: | Mis-acked tcp sequence with NAT and LDAP ALG |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
When there is SIP address in the message. NAT cann't handle the tcp sequence properly with LDAP ALG after pdu size changed. NAT will not handle the delta value for the right ack message but thereafter messages, which may cause mis-acked message flows between two endpoints.
currently only seen with netmeeting
Conditions:
Send LDAP traffic with empty comment item in LDAP ALG.
Workaround:
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun22771 | Title: | ASR crash at pa_get_state |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
An ASR 1002-X router might crash and reload writing a core file in the process.
Conditions:
ASR1002-X running IOS XE in a NAT-HA B2B scenario
Workaround:
None so far
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S1 |
|
Known Fixed Releases: | 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj68565 | Title: | Linecard status unknown in any slot post insertion in slot4/5,13ru |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR1000-2T+20X1GE and ASR1000-6TGE Card status will remain unknown in any slot post insertion in slot4/5 of ASR1013 with ESP40.
Conditions:
Sequence of events needed:
1. Insert the ASR1000-2T+20X1GE and ASR1000-6TGE in Slot 4 or 5 of ASR1013 with ESP40
2. Remove the card
3. insert in any other slot other than slot 4 and 5.
Workaround:
Wait for minimum 1 Minute before reinserting the card in slot other than 4 and 5 ( ie 1 min wait between step 2 and 3 of Condition above)
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun44581 | Title: | XE3.13: CFT feature objects stats pending after feature eanble/disable |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
FOs of CFT features might not be released in case the featrue has unregistered from CFT before the flow aged.
Conditions:
Feature of CFT (Stile,FNF,FME,CENT..) that allocated FO in the flow and then un-registered from CFT (i.e feature has been disabled) while another feature is still registered to CFT, the FO of that feature won't be released.
Workaround:
stop traffic before disable the feature or reload.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)M, 15.4(3)M1, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul22381 | Title: | CPP DRV: Close potential race condition in KIPC |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Unexpected tracebacks occur randomly at a very slow rate (i.e. once per day or even less). Normal processing will continue.
Conditions:
This issue is specific to ESP100, ESP200 or ASR1002-VE.
Workaround:
There is no known workaround.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(1)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul55038 | Title: | PE-LNS : ICMPV6 message "too big" not sent |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
In mpls-vpn scenario, when the size of packet coming from core network is bigger than mtu set on CE facing interface, the expected ICMPv6 TOO_BIG fail to return.
Conditions:
1. packet is bigger than mtu on CE facing interface.
2. the packet come from core mpls network and try to go through CE facing interface.
3. the issue is found on PE in mpls-vpn scenario.
Workaround:
enable IPv6 on core facing interface, which is receiving the mpls packet to CE.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(0.1), 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui65881 | Title: | ASR1K MLPPPoE - Incorrect Bundle BW being applied in multilink scenario |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
The MLPPP bundle bandwidth is not updated which led to non-priority packet drops when traffic exceeds the current rate. In the case documented in this DDTS, a bundle rate is supposed to be set to 12M but it was instead set to 1.5M.
Schedule specifics:
Index 1 (SID:0x0, Name: Virtual-Access339)
Software Control Info:
sid: 0x396eb, parent_sid: 0x38022, obj_id: 0x115e, parent_obj_id: 0x54
evfc_fc_id: 0xffff, fc_sid: 0x396eb, num_entries (active): 2, service_fragment: False
num_children: 2, total_children (act/inact): 2, presize_hint: 0
debug_name: Virtual-Access339
sw_flags: 0x0883034a, sw_state: 0x00000905, port_uidb: 127126
orig_min : 0 , min: 1536000
min_qos : 0 , min_dflt: 1536000
orig_max : 0 , max: 1536000
max_qos : 0 , max_dflt: 1536000
share : 1
plevel : 0, priority: 65535
It should be set to 12M.
Index 1 (SID:0x0, Name: Virtual-Access45)
Software Control Info:
sid: 0x38026, parent_sid: 0x38023, obj_id: 0x189, parent_obj_id: 0x54
evfc_fc_id: 0xffff, fc_sid: 0x38026, num_entries (active): 2, service_fragment: False
num_children: 2, total_children (act/inact): 2, presize_hint: 0
debug_name: Virtual-Access45
sw_flags: 0x0883034a, sw_state: 0x00000905, port_uidb: 130692
orig_min : 0 , min: 12288000
min_qos : 0 , min_dflt: 12288000
orig_max : 0 , max: 12288000
max_qos : 0 , max_dflt: 12288000
Conditions:
The Bundle rate was not being updated when QoS events preceded the rate update from MLPPP. If the MLP event is processed before the QoS event then there is correct behavior, however if the QoS event is processed before the MLP rate update event then the MLP event is lost and never gets processed to update the bundle bandwidth.
This results in tail drops when the interface becomes congested prematurely.
Workaround:
The workaround is to apply QoS after all member links have been successfully added to the bundle.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S4, 15.2(4)S4a, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui67325 | Title: | ASR1k cpp crash observed in ipv4_nat_bind_find with HAL_RID_INVALID |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
The ESP may crash in cpp_mcplo
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions:
NAT is enabled
Workaround:
None at this time
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo41369 | Title: | Nightster: VLAN errors seen on Native GE connected to C3750G switch |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
on ASR1001-X , VLAN errors are reported on the native GE port which is connected to a C3750G GE switch.
Conditions:
The configuration of the UUT port is default and the switch port is as follows:
switchport access vlan 2
switchport mode dot1q-tunnel
no cdp enable
Workaround:
The present workaround is to implement a different GE Switch model in this environment.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun58672 | Title: | VTCP not send tcp segments according adjustment mss |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
VTCP not send tcp segments according adjustment mss
Conditions:
tcp sync with mss 1460 from interface B, and Interface A sent out sync with mss 1390
tcp segments (tcp payload 1390) come from interface A
observed tcpsegments with tcp payload 1460 sent out via interface B
Workaround:
n/a
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui57866 | Title: | FNF: Platform exporter config displays IPv4 addr when IPv6 configured |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
"Show plat soft flow fp active exporter name " displays invalid source and destination addresses if using IPv6.
Conditions:
This is simply a display issue. The addresses are displayed in an IPv4 format. This fix checks the address type before displaying the addresses in the correct IPv4 or IPv6 format.
Workaround:
No workaround.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.1(3)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun31285 | Title: | Nightster: Hi priority traffic is redirected to low priority channel |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
a. Problem is specific to ASR1001-X Built in Bay (bay 0)
b. The issue is when default ipv4 precedence based plim classification is used.
TOS is 8 bits and its relation to ipv4 precedence is shown below.
+ * IP precedence, TOS, DSCP mapping.
+ * --------------------------------------------------------
+ * | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
+ * --------------------------------------------------------
+ * <---- Precednce ---->
+ * <-------------- DSCP -------------------->
+ * <----------------------- TOS -------------------------->
+ * ---------------------------------------------------------------
+ * | TOS (8 bit) | Prec (3 bit) | DSCP (6 bit) |
+ * ---------------------------------------------------------------
+ * | 0 - 255 | MSB 3 bits of TOS | MSB 6 bits of TOS |
+ * | | Prec 0 - TOS 0 - 31 | DSCP = n |
+ * | | Prec 1 - TOS 32 - 63 | TOS = { n*4, |
+ * | | Prec 2 - TOS 64 - 95 | n*4 + 1, |
+ * | | Prec 3 - TOS 96 - 127 | n*4 + 2, |
+ * | | Prec 4 - TOS 128 - 159 | n*4 + 3 } |
+ * | | Prec 5 - TOS 160 - 191 | |
+ * | | Prec 6 - TOS 192 - 223 | |
+ * | | Prec 7 - TOS 224 - 255 | |
+ * |--------------------------------------------------------------
This issue is seen for ipv4 traffic with a TOS value such that lower significant 5 bits of TOS field are non-zero.
e.g 255 - binary 111 11111
Conditions:
This issue is seen for ipv4 traffic with a TOS value such that lower significant 5 bits of TOS field are non-zero.
e.g 255 - binary 111 11111
Workaround:
If using ipv4 precedence based plim ingress classification, use a TOS value such that lower significant 5 bits of TOS field are ZRO.
e.g 255 (dec), 0xFF (hex) - binar 111 11111 - This won't work. (traffic will be classified as low priority in ingress direction in ASR1001X, builtin bay ports)
Modify the TOS value such that least significant 5 bits are zero.
111 00000 - TOS 224 (dec), 0xE0 (hex).
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui87023 | Title: | Enlarge ALG RPC pool limitation |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Enlarge ALG pool limitation
Conditions:
sh plat har qfp ac fea alg mem | in RPC
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul34776 | Title: | [AVC-ISSU] AOR not working after SW upgrade to 3.12 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
After ISSU process AOR and dependent fields are not working. Also, sampler granularity may be different from the configured.
Conditions:
Happens sometimes
Workaround:
Remove AVC configuration and apply it again after the ISSU process is finished
Further Problem Description:
Sometimes during ISSU process several flags may be not downloaded properly. These flags are AOR, dependent field flags, sampler granularity flag and enterprise number.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S1.2, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui70820 | Title: | Increase the amount of WCCP Event Logging |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
This bug is an enhancement to increase the amount of data that WCCP collects on the asr1k event tracing infrastructure. These logging enhancements will aid in troubleshooting and diagnostics.
Conditions:
No special conditions exist, as this is a enhancement to existing logging functionality.
Workaround:
No workarounds.
Further Problem Description:
This increases the number of events and the amount of data that is logged by each event within the ASR1k binary event logs that are kept for events on the ESP/QFP as well as additional information within the WCCP debug outputs.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuc47181 | Title: | CFM TCAM programming takes too long |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
OneFW(official name: cxsc)'s AVC class group takes about 4 seconds to be programmed into TCAM, which is more than the average time.
Conditions:
OneFW enabled, which by default will download the AVC class group.
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui47798 | Title: | ping the gre tunnel packets lost when enable erspan |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
packet lost over GRE tunnels
Conditions:
ERSPAN configured on the device, ping the gre tunnel address
there are packets lost
Workaround:
Disable ERSPAN
Further Problem Description:
peibyang-ASR1002#sho version
Cisco IOS XE Software, Version BLD_MCP_DEV_LATEST_20130801_040024
Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Experimental Version 15.4(20130801:060830) [mcp_dev-BLD-BLD_MCP_DEV_LATEST_20130801_040024-ios 170]
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Thu 01-Aug-13 02:29 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
1???configure a gre tunnel interface
2???enable erspan over the phy interface, the tunnel is passing this phy interface at the same time.
3???ping the tunnel interface each other??? there is packet lost.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul95633 | Title: | NTT XE3.10: Add changes for ESI serdes link handling |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ESI link does not come up when two RPs are running XE3.x and XE2.6.x versions
Conditions:
When two XE versions are running.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNF, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj25221 | Title: | CPP process crash during change in NAT source loopback IP address |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
CPP process crash during a change in the loopback ip address used as a DNS NAT source
Conditions:
change in the ip address
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4.0.1) |
|
Known Fixed Releases: | 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj80245 | Title: | ASR1K AVC: no records created when packets get fragemented |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
No address prefix flow records get reported when packets get fragmented at Tunnel interface, which has enabled with AVC flow monitor.
Conditions:
May occur when packet are fragmented due the maximum packet length limit, called the Maximum Transmission Unit (MTU).
When packet size is bigger than the interface MTU, the packet will be fragmented and will not be monitored by AVC.
Workaround:
Increase the size of the MTU to accommodate larger packets. For example, configure an MTU of 3000 bytes with the following CLI:
Device(config)# interface Gig0/2/1
Device(config-if)# mtu 3000
Further Problem Description:
The issue may occur when UDP traffic becomes fragmented over a DMVPN tunnel interface due to a default maximum packet size (MTU) of 1500 bytes.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun35149 | Title: | traceback when enable performance monitor on local switching |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
enable performance monitor on local switching interface
Conditions:
two interfaces are connected as local switching
Workaround:
N/A
Further Problem Description:
This TB is generated when L2 interface try to install NBAR for ipv6, but there is no ipv6 NBAR for L2 switching interface implemented before the bug fix
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S, 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul51296 | Title: | Connection reset after RP switchover |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Connections timed out after RP switchover
Conditions:
Connection reset after RP switchover. Not able to establish new connections.
Workaround:
re-enable Service Context.
Further Problem Description:
Problem happens in about 1 in 10 RP switchover on ESP20. This had not been with other ESP so far.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum25232 | Title: | ASR1K: ModExp failure with RSA key lengths that are not power of two |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR1K will fail to verify a message that is signed using a non-standard RSA key length (2024 for example). The failure is commonly seen during SCEP enrollment or when validating a peer certificate when RSA-SIG is used for phase 1 authentication.
Conditions:
The failure has been observed on ASRs using an integrated ESP
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(1)S2, 15.3(1)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum66678 | Title: | memory leak in 'CPP I/F DB' causing FP to reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
When per-tunnel QoS is configured on a DMVPN hub, the ESP memory may become exhausted due to a memory leak. This could cause the ESP to reload.
Conditions:
If there are a large number of DMVNP spokes and the spokes flap, then memory on the ESP is allocated and not freed. This could cause the memory exhaustion on the ESP and thus case the ESP to reload.
Workaround:
One could monitor the ESP memory usage and if it is getting low, then reboot the ESP during a mainance window. The command "show platform software memory qfp-control-process qfp act brief | inc I/F" can be used to determine if memory is being consummed due to this issue. Example:
mcp6ru-14#show platform software memory qfp-control-process qfp act brief | inc CPP I/F DB
module allocated requested allocs frees
------------------------------------------------------------------------------
CPP I/F DB 128 48 5 0 <== normal condition is 5 allocs at bootup that is not freed
(one spoke flapped)
CPP I/F DB 8172 8076 6 0 <== 1 additional alloc of 8028 (2k spokes in network) - with this bug, this memory is not freed
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun94073 | Title: | SBC IPv6 traffic is not passing through hairpin pinholes |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
when non local ip address is used for hairpin calls and hairpin calls form loop,
rtp is not forwarded by sbc.
Conditions:
when non local ip address is used for hairpin calls and hairpin calls form loop.
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui80058 | Title: | IPv4 tcp adjust-mss does not work egress on crypto map interface |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
On the ASR1000 platform, if ip tcp adjust-mss is configured on an interface with a
crypto map, then the TCP MSS value is not adjusted for egress TCP flows that are
encrypted.
Conditions:
This is only a problem when there is a crypto map configured on the same interface
ip tcp adjust-mss is enabled.
Workaround:
Configure ip tcp adjust-mss on the ingress LAN interface when crypto map is
configured on the egress interface.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui17217 | Title: | RP2: %IOSXE-3-PLATFORM: F1: cpp_cp error observed on the XE-310 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
A PROXY_SID_UPDATE_LOCK_ERROR message may be printed intermittently when links are being added to or removed from an MLP bundle.
Conditions:
This error message may be seen on a router running IOSXE, such as an ASR1000. It may be seen in context with an MLP bundle that has more than one link. The occurrence might be random, and hard to reproduce.
Workaround:
Add or removing links gradually may be able to reduce the likelihood of this behaviour.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum48124 | Title: | [AVC]ESP crash with ESP reload observed on RP2 during config-replace |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Occasional crash/traceback and router reload when performing config-replace while both performance monitor/s (e.g. EzPM) and native FNF montor/s are assigned to the same interface.
Conditions:
Performing a config-replace to a clean config (i.e. doesn't assign performance monitors or native FNF monitors), while there are both performance monitor/s (e.g. EzPM) and native FNF montor/s assigned to the same interface in the current running config.
Workaround:
First un-assign ether or both the perfromance monitors and/or the native FNF monitors before performing the config-replace. In that case, the config-replace works ok.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S, 15.4(2)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S1, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun87352 | Title: | CPP crash in Flexible NetFlow due to RBUF handle exhaustion |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
The ESP module in an ASR1000-series router may reload unexpectedly. In systems with an integrated ESP, such as the ASR1001 and ASR1002-X, this may result in a reload of the entire chassis.
Conditions:
This has been observed on an ASR1001 running 15.3(3)S2 (IOS-XE 3.10.2S).
Flexible NetFlow is enabled.
Exact conditions currently unknown.
Workaround:
Disabling Flexible NetFlow may prevent the crash.
Further Problem Description:
A CPP crash of this nature will produce two core files: a CPP core, and an FMAN core.
TAC may be able to examine the CPP core to determine if an RBUF out-of-handles exception has occurred.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S2, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo31667 | Title: | uSBC: "Badly formed RTP" drop counter increasing |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
"Badly formed RTP" drop counter increases unexpectedly. This issue is recovered by reloading the SBC.
Conditions:
This issue is seen with tele-presence call.
Workaround:
Reload the SBC.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.1(3)S4 |
|
Known Fixed Releases: | 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul84373 | Title: | Kingpin-Disable hw-mod Bullseye upgrade proc and move to hw-programmable |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Tech pubs will need to verify that there is no current documentation referencing the FPGA upgrade process for ASR1002-X utilizing the "upgrade hw-module subslot x/y fpd" command structure. This will be replaced with the new "upgrade hw-programmable..." process.
Conditions:
This DDTS brings in the support for upgrading the board FPGA on ASR1002-X using CLI 'upgrade hw-programmable fpga filename bootflash:image.pkg r0'. FPD support for BUILT-IN SPA will no longer be required after this so FPD is no longer supported for BUILT-IN SPA.
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(0.2)S, 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S2.9, 15.3(3)S3, 15.3(3)S4, 15.4(1)S2, 15.4(1)S3, 15.4(2)S0.3, 15.4(2)S1, 15.4(2)S2, 15.4(2.7)S, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue86166 | Title: | ELC: Userspace code for MBFPGA & HKP interrupt handler |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
The interrupt infrastructure is in place; the userspace handling of interrupt delivery to Aggregation ASIC userspace driver code is not being done correctly.
Conditions:
This fixes the userspace handling of interrupt delivery to Aggregation ASIC userspace driver code
Workaround:
none
Further Problem Description:
This is for reporting any errors that the hardware may have detected. In case the errors are critical, the code will attempt to recover by reloading the line card.
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj45298 | Title: | Packet-trace reports "Packet Consumed Silently" for tunnel traffic |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
With the ASR1k packet-trace feature, a packet may be shown as "Consumed
Silently" in the packet state, where it really should be forwarded. This is only a
problem with the packet trace output, and does not impact the actual forwarding
functionality.
Conditions:
This can happen when packet-trace is tracing a tunnel encapsulated packet.
Workaround:
None.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug15520 | Title: | LISP:ucode crash @ tw_timer_stop_nl in lisp+fw scaling case |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
hit an ucode crash in lisp+zbfw scaling case, scaling number is 500 lisp instances, 50k eid table, 500 pair zone. The crash is hit in unconfigure fw data stage. it is reproducible.
Conditions:
lisp+fw, unconfig
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun17558 | Title: | ASR1K : COS Markings not preserved |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
COS markings not seen proper on the dot1q interface.
Conditions:
The issue will be seen if met all of following conditions:
1, MPLS packets with fragment happened in data plane on the dot1q interface;
Workaround:
No Workaround.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S, 15.4(3)S |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui55732 | Title: | ASR1k:support of ignore-dtr on 4XT-Serial spa |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ignore-dtr command not present with 4xt-serial spa interfaces on ASR1k
Conditions:
present in all releases from the begining of 4xt-serial spa support (RLS2 of ASR1k)
Workaround:
None
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 3.7(0) |
|
Known Fixed Releases: | 15.2(4)S3.16, 15.2(4)S4, 15.2(4)S4a, 15.2(4)S5, 15.2(4)S6, 15.3(3)S0.5, 15.3(3)S1, 15.3(3)S1a, 15.3(3)S2, 15.3(3)S2a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuo40653 | Title: | %CPPOSLIB-3-ERROR_NOTIFY: cpp_cp encountered an error |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
A traceback is seen, which is not really pointing to an error.
Conditions:
The tracebacks were seen around ESP-crash.
Workaround:
No workaround needed and the messages are more misleading only.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(1)S2, 15.3(3)S2 |
|
Known Fixed Releases: | 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj17402 | Title: | LITE VSI ID MGR reached Max. ID: 1048576 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Lite session related traceback in CPP client.
Conditions:
ESP100, very high scale.
Workaround:
Reduce number of sessions.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj04100 | Title: | CPPHA-3-FAULTCRASH on ASR1k |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR1k crashed with error message CPPHA-3-FAULT F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions:
ASR1k running 03.10.00.S with configured zone based firewall
Workaround:
none at this time
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(2)S, 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh74635 | Title: | OneFW:Syslog not generated by dataplane when ICMP connection is denied |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:Syslog not seen for ICMP connection denied
Conditions:Have a deny any any policy and send icmp traffic
Workaround:No known workaround
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul70833 | Title: | Byte-based Queue-limit does not work correctly with fair-queue |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Byte-based queue-limit does not work correctly when fair-queue is configured.
Conditions:
-Using fair-queue feature simultaneously.
-The issue can happen on ASR1k.
-The issue is found on 15.3(3)S.
Workaround:
Use packet-based queue-limit instead of byte-based queue-limit.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul25109 | Title: | AVC: Templates are not exported right after reload with RP1 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
After RP1 reload, the templates are not sent at the first interval even if the monitor is ready.
Conditions:
Affects features that make use of the High Speed Logger to export records to a off box collector. Generally, this will only happen when the route used by the exporter is slow to be established.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj86660 | Title: | show platform hardware [slot | subslot | port] xyz plim buffer mapping |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
The CLI is currently not supported.
The option 'mapping' is not available if the user types a ? after buffer keyword as below
#################################################
Router#show platform hardware slot 0 plim buffer ?
settings PLIM buffer settings
Router#show platform hardware subslot 0/0 plim buffer ?
settings PLIM buffer settings
| Output modifiers
Router#show platform hardware port 0/0/0 plim buffer ?
settings PLIM buffer settings
#####################################################
Below is the list of CLI's that points the user to use :
show platform hardware slot 0 plim qos input bandwidth
show platform hardware subslot plim qos input bandwidth
show platform hardware subslot plim qos input map counters
show platform hardware port plim qos input map counters
show platform hardware port plim qos input bandwidth
show platform hardware interface plim qos input map counters
show platform hardware interface plim qos input bandwidth
Conditions:
An error would occur if the user tries to execute the cli as below :
Router#sh platform hardware slot 0 plim buffer mapping
^
% Invalid input detected at '^' marker.
Workaround:
For SPA in Slot 0, Port 0
Plim Hardware Port # Interface Names
------------------------------------------------
Interface 0/0/0 TenGigabitEthernet0/0/0
Interface 0/0/1 TenGigabitEthernet0/0/1
Interface 0/0/2 Crypto-Engine0/0/8
Interface 0/0/3 GigabitEthernet0/0/0
Interface 0/0/4 GigabitEthernet0/0/1
Interface 0/0/5 GigabitEthernet0/0/2
Interface 0/0/6 GigabitEthernet0/0/3
Interface 0/0/7 GigabitEthernet0/0/4
Interface 0/0/8 GigabitEthernet0/0/5
------------------------------------------------
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(2)S0.10, 15.4(2)S1, 15.4(2)S2, 15.4(2.17)S0.6, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1, 15.5(0.7)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj23603 | Title: | ASR1k cpp crash observed in ipv4_nat_bind_find with HAL_RID_INVALID |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
The ESP may crash in cpp_mcplo
%CPPHA-3-FAULT: F0: cpp_ha: CPP:0.0 desc:INFP_INF_SWASSIST_LEAF_INT_INT_EVENT0 det:DRVR(interrupt) class:OTHER sev:FATAL id:2121 cppstate:RUNNING res:UNKNOWN flags:0x7 cdmflags:0x8
Conditions:
NAT is enabled and mode has been changed between "Classic"/default and CGN
Workaround:
None at this time - reload box or at least CPP after changing mode.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug97910 | Title: | ESS Stats Offload on ESP100/ESP160 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
High CPP_CP process CPU load on ESP100 caused by session counter collection.
Conditions:
ESP100 and ISG scale
Workaround:
Reduce number of counters associated with ISG session
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug50150 | Title: | Fix the tracebacks introduced by CSCue17299 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:During MDR in a APS Setup, under certain conditions, IOSXE_APS-3-CCCONFIGFAILED, mesage is seen.
Conditions:If the MDR of Protect interface is Started first followed by a MDR of the Working, then the above TB will occur.
Workaround:
Ensure that the working Interface is the first which goes through the MDR. IF the interfaces are on the SAME SIP, the traffic must be flowing through the Working interface, to ensuzre zero traffic drops
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(1)S, 15.3(2)S, 15.3(3)S |
|
Known Fixed Releases: | 15.3(3)S0.6, 15.3(3)S1, 15.3(3)S1a, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S3, 15.3(3)S4, 15.4(0.19)S0.3, 15.4(1)S, 15.4(1)S0a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui37419 | Title: | ASR1k cpp crash due to large DNS message |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR1k CPP ucode crash
Conditions:
Very big DNS packet are being processed.
Workaround:
unknown.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(2)S |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuh98929 | Title: | AVC-SFR: Add two new metrics (byte counters) |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
IFNF support a single L3 byte counter for a connection. There are no separate counter for the connection client and server. This fix adds client and server counters
Conditions:
Current supported CLI:
flow record test
collect counter bytes long
end
With this fix, two additional counters can be collected:
flow record test
collect counter bytes long
collect connection client counter bytes network long
collect connection client counter bytes server long
end
Workaround:
None.
More Info:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | 15.3(2)S0.16, 15.3(2)S2, 15.3(3)S0.1, 15.3(3)S1, 15.3(3)S1a, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S3, 15.3(3)S4, 15.4(0.14)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul06682 | Title: | sho qfp active datapath utilization summary displayed incorrect |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Ixia1???asr1k1---asr1k2---ixia2
Ixia1 sends 10000pps traffic to ixia2
ixia2 sends 10000pps traffic to ixia1
only normal ip traffic, without labal... and there is no packet lost
the qfp datapath utilization input and output should 20000
but the utilization summary displayed abnormal
asr1k1
shmcp-1013-1#sho platform hardware qfp active datapath utilization summary
CPP 0: 5 secs 1 min 5 min 60 min
Input: Total (pps) 10000 10000 10000 8015
(bps) 27235992 27239832 27234912 21826272
Output: Total (pps) 10009 10004 10004 8022
(bps) 26757256 26739616 26739560 21434288
Processing: Load (pct) 0 0 0 0
shmcp-1013-1#sho platform
Chassis type: ASR1013
Slot Type State Insert time (ago)
--------- ------------------- --------------------- -----------------
0 ASR1000-2T+20X1GE unknown 00:42:52
1 ASR1000-2T+20X1GE unknown 00:42:52
2 ASR1000-SIP40 ok 00:42:52
2/0 SPA-1X10GE-L-V2 ok 00:40:50
2/1 SPA-1X10GE-WL-V2 ok 00:40:50
2/2 SPA-1X10GE-L-V2 ok 00:40:50
2/3 SPA-1X10GE-L-V2 ok 00:40:50
3 ASR1000-SIP40 ok 00:42:52
3/0 SPA-1X10GE-L-V2 ok 00:40:50
3/1 SPA-1X10GE-L-V2 ok 00:40:50
3/3 SPA-1X10GE-L-V2 ok 00:40:50
4 ASR1000-SIP40 ok 00:42:52
4/0 SPA-1X10GE-L-V2 ok 00:40:50
4/1 SPA-1X10GE-WL-V2 ok 00:40:50
5 ASR1000-SIP10 unknown 00:42:52
R0 ASR1000-RP2 ok, standby 00:42:52
R1 ASR1000-RP2 ok, active 00:42:52
F0 ASR1000-ESP80 ok, active 00:42:52
P0 ASR1013/06-PWR-AC ps, fail 00:41:42
P1 ASR1013/06-PWR-AC ok 00:41:42
P2 ASR1013/06-PWR-AC ok 00:41:41
P3 ASR1013/06-PWR-AC ps, fail 00:41:41
Slot CPLD Version Firmware Version
--------- ------------------- ---------------------------------------
0 N/A N/A
1 N/A N/A
2 00200800 15.3(3r)S
3 00200800 15.3(3r)S
4 00200800 15.3(3r)S
5 N/A N/A
R0 10021901 15.3(3r)S
R1 10021901 15.3(3r)S
F0 11100400 12.2(20111018:223207) [gschnorr-mcp_...
shmcp-1013-1#shdrop
Global Drop Stats Packets Octets
----------------------------------------------------------------
The Global drop stats were all zero
shmcp-1013-1#sho version
Cisco IOS XE Software, Version BLD_V154_1_S_XE311_THROTTLE_LATEST_20131015_120615-std
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Experimental Version 15.4(20131015:142745) [v154_1_s_xe311_throttle-BLD-BLD_V154_1_S_XE311_THROTTLE_LATEST_20131015_120615-ios 174]
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 15-Oct-13 10:03 by mcpre
Asr1k2
shmcp-4ru-2#sho platform
Chassis type: ASR1004
Slot Type State Insert time (ago)
--------- ------------------- --------------------- ------------
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul08311 | Title: | SIP ALG will drop NAT if FQDN is instead of IP in the "c=" line of SDP |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
SIP ALG will drop NAT traffic.
Conditions:
In a case, FQDN instead of IP address is included in the "c=" line of SDP in the 200 OK response, and SIP ALG will drop this message
Workaround:
A workaround is to turn off SIP ALG if SIP server (VCS) can support NAT traversal by itself. Another way is to let VCS fill IP address instead of FQDN in the "c=" line of SDP if possible.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.2(4)S, 15.3(3)S0.10 |
|
Known Fixed Releases: | 15.2(4)S5, 15.3(3)S2, 15.3(3)S2a, 15.3(3)S2t, 15.4(1)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui49644 | Title: | fman fp crash @ cef_config_fp_atom_disp_cfg_message_ha |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
AToM(Ethernet over MPLS), FP get crash as below:
#0 0x092698b4 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x0926b384 in *__GI_abort () at abort.c:88
#2 0x0b2e55b0 in binos_crashdump (stall=0) at infra/binos/./src/bassert.c:55
#3 0x0b5a8980 in btrace_APPLICATION_FATALED_OUT_LOOK_AT_SYSLOG_OR_TRACEFILE (i=) at infra/btrace/./src/btrace.c:2121
#4 0x0b5a8970 in btrace_APPLICATION_FATALED_OUT_LOOK_AT_SYSLOG_OR_TRACEFILE (i=0x0) at infra/btrace/./src/btrace.c:2115
#5 0x0b5a8970 in btrace_APPLICATION_FATALED_OUT_LOOK_AT_SYSLOG_OR_TRACEFILE (i=0x0) at infra/btrace/./src/btrace.c:2115
#6 0x0b5a8b60 in btracev_glob (module_id=94 '^', level=112 'p', flags=BTRACE_EMIT_CHECKED, str=0xe191b44 "\n(FATAL): Uplink array full", ap=0xbfc26e48) at infra/btrace/./src/btrace.c:2210
#7 0x0b5a8d38 in btrace_glob (module_id=0 '\0', level=227 '????????', flags=6, format=0x0) at infra/btrace/./src/btrace.c:2079
#8 0x0e18c11c in aom_set_link (root_obj=0x7, link_obj=0x301339dc) at infra/aobjman/./src/aom_util.c:1763
#9 0x0e188238 in aom_link_uplink (child=0x0, parent=0x1ae3) at infra/aobjman/./src/aom_graph.c:1320
#10 0x0e180030 in aom_request_add_parent (child=0x32891698, parent=0x301339dc, flag=AOM_UPDATE_FLAG_NONE) at infra/aobjman/./src/aom_api.c:4383
#11 0x0e1804a8 in aom_add_parent (child=0x32891698, parent=0x301339dc) at infra/aobjman/./src/aom_api.c:4424
#12 0x1026bd70 in cef_config_fp_atom_disp_cfg_message_handler (h=0x10795650, tid=-1, ctx=, msg=0x13f64418, err=) at fman/fp/./src/fman_atom.c:1593
#13 0x0f3f06a0 in fp_atom_disp_cfg_message_unmarshal (h=0x0, tid=22841, context=0x13f64418, ret_msgp=0x98, mem=, avail_len=, handler=0xbfc26ff4, err=0x10795650) at infra/tdl/_gen_tdl_ppc/cef_config/./src/cef_config_message_02.c:2813
#14 0x0fa1a2a4 in fman_fp_message_dispatch_lut (lut=0xfa4fa80, h=0x10795650, tid=7, context=0x14, msg=0x10a196f4 "????1????4\017\017\017", avail_len=86, err=0xbfc271b0) at infra/tdl/_gen_tdl_ppc/fman_fp/./src/fman_fp_message.c:97445
#15 0x0fa1a494 in fman_fp_message_dispatch (h=0x1ae3, tid=250, context=0x0, msg=0x3006e430 "", avail_len=184320, err=0x3006e430) at infra/tdl/_gen_tdl_ppc/fman_fp/./src/fman_fp_message.c:97467
#16 0x10400dc0 in fman_fp_plat_message_dispatch (h=0x0, tid=6883, context=0x6, msg=0x0, avail_len=153525084, err=0x2d000) at fman/fp/./src/../mcp/src/fman_plat_asr1k.c:672
#17 0x10197440 in fman_ripc_msg_process (ctx=, arg=0x10700e20, fd=, mask=) at fman/fp/./src/fman_ipc.c:603
#18 0x0b5e88a4 in __evDispatch (opaqueCtx={opaque = 0x10700e20}, opaqueEv=Cannot access memory at address 0x1ae3
) at infra/contrib/evlib/../../../contrib/bind/lib/bind/isc/eventlib.c:1352
#19 0x0b5eafc4 in __evMainLoop (opaqueCtx=Cannot access memory at address 0x0
) at infra/contrib/evlib/../../../contrib/bind/lib/bind/isc/eventlib.c:688
#20 0x101956f4 in main (argc=52, argv=0x10471de4) at ./linkfarm/ppc/usr/binos/include/evutil/evutil.h:40
Conditions:
AToM(Ethernet over MPLS) is configured, link or protocol flapping causes timing issue. It is hard to hit.
Workaround:
None
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(1)S, 15.3(3)S, 15.4(2)S |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj14693 | Title: | XE39 GTPV2: modify bearer request is dropped when handoff from v1Tov2 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
modify bearer request is dropped.
Conditions:
handoff from gtpv1 to gtpv2
Workaround:
SGW recreate session
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S7 |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux43213 | Title: | SNMP over IPv6 link-local address does not work on IOS-XE routers |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
If SNMP uses the IPv6 link-local address SNMP fails.
Conditions:
If SNMP uses the IPv6 link-local address SNMP fails.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 12-DEC-2015 |
|
Known Affected Releases: | 15.6(3)S |
|
Known Fixed Releases: * | 15.6(1.17)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum49437 | Title: | ucode crash@ipv4_nat_cgn_mode_dp_rel_mem on changing nat mode |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ucode crash@ipv4_nat_cgn_mode_dp_rel_mem on changing nat mode
Conditions:
In a scaled setup on changing nat mode
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: * | 15.3(3)S, 15.4(1)S0.1 |
|
Known Fixed Releases: | 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCum50944 | Title: | Nightster:Luke YSN block interrupts need to be enabled |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
No visible functional impact. However in adverse conditions(highly unlikely) BUILT-IN SPA might stop forwarding traffic due to some hardware errors in L2 ASIC triggered by software misconfiguration.
Conditions:
In adverse conditions(highly unlikely) BUILT-IN SPA might stop forwarding traffic due to some hardware errors in L2 ASIC triggered by software misconfiguration.
Workaround:
Reload the router to make BUILT-IN SPA functioning properly.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: | 15.4(2)S0.8, 15.4(2)S1, 15.4(2)S2, 15.4(2.17)S0.5, 15.4(3)S, 15.4(3)S1, 15.4(3)SN1, 15.5(0.6)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul34193 | Title: | show erspan sesseion summary error |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
TAAS_1002_1#sho pla hardware qfp active feature erspan session summary
% Error: ERSPAN client (show): error processing command
Conditions:
configure 1k erspan session
when sho pla hardware qfp active feature erspan session summary
some alarm error occur
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuj04321 | Title: | ASR1002-X with NAT configured crashes at ipv4_nat_bpa_free_port |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR crashed with CGN NAT configuration.
Conditions:
Seen with CGN BPA feature configured.
Workaround:
Removing the CGN BPA configuration, the router stops crashing.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(3)S1 |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCug82939 | Title: | ZBF drops ICMP error message when using NAT64 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ICMP error packets having icmp message in the payload are being dropped when
NAT64 and ZBFW are configured.
Conditions:
The configuration should include nat64 and zbfw
Workaround:
none
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: | 15.3(3)S1, 15.4(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCun20279 | Title: | ASR1K should not count symmetric flow packets as sdrop at uRPF loose |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
At uRPF loose mode, the suppress drop counter on ASR1K will count packets even in case the packets are symmetric flow.
ASR1K should not count symmetric flow packets as sdrop at uRPF loose mode.
Conditions:
uRPF loose mode
Workaround:
None.
This ddts does not have any service/traffic impact.
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S3 |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S3, 15.4(1)S2, 15.4(2)S1, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCum78930 | Title: | CMCC XM:ASR1013-CB--ICMPv6 packet-too-big is dropped by ZBFW |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The ICMPv6 error packet (too-big packet) with icmpv6 echo reply as payload is dropped by ZBFW.
Conditions:
If the intermediate hosts generate icmpv6 error packets with icmpv6 echo reply as
pay load without properly fragmenting the packets as per the mtu of the v6 packet
flow, such icmpv6 errors packets will be dropped.
Workaround:
Adjust the mtu of the v6 pack flow so that packets, especially t he icmvp6 echo reply
does not generate an error (too-big message)
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S, 15.3(3)S, 15.4(1)S, 15.4(2)S, n/a |
|
Known Fixed Releases: | 15.2(4)S6, 15.3(3)S3, 15.4(1)S2, 15.4(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCul45015 | Title: | plim statistics show command not working on ASR1002-X |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
'show platform hardware port plim statistics' command doesn't work correct. In case of ingress plim classification, the RX high counters are always shown as zero.
This observed on ASR1002-X (confirmed), most likely on other chassis too (to be checked and confirmed)
Conditions:
Plim ingress classification classifies the ingress classification intwo HIGH and LOW priority traffic. Note that this isn't about the classification not happening correctly. Traffic is classified correctly, it is just that the 'RX high priority' counters under 'show platform hardware port plim statistics' aren't displayed (always shown as 0)
Workaround:
None.
RX high counters can be checked using 'show platform hardware port plim qos input map counters'
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx36672 | Title: | Not able to delete a particular NAT translation on ASR. |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * |
Symptom:
'clear ip nat translation inside outside ' does not removed requested translation in ASR NAT
Conditions:
'clear ip nat translation inside outside ' does not removed requested translation in ASR NAT
Workaround:
clear ip nat trans * does work.
Fix expected in 2.3.1.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC1, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz65520 | Title: | ASRNAT: couple problems with EXTENDABLE binds |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * |
Symptom:
Incorrect EXTENDABLE bind removed.
Conditions:
Incorrect EXTENDABLE bind removed, in some cases.
Workaround:
Removal of EXENDABLE static mappings works best if removal done in revere order in which they were added. Reboot the box or the ESP should remove any strange conditions due to this problem.
Further Problem Description:
Problem fixed in 2.4.1
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XN2 |
|
Known Fixed Releases: | 12.2(33)XND1, 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsy74888 | Title: | ASRNAT: ports not always managed properly in PAT HA |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: * |
Symptom:
With ASRNAT intrabox redundancy with an overload configuration in rare cases ports for a particular address can false be handled out twice on the standby.
Conditions:
With ASRNAT intrabox redundancy with an overload configuration in rare cases ports for a particular address can false be handled out twice on the standby.
Workaround:
The only workaround it to not run overload with intrabox redundancy.
Fix is expect in 2.3.2
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 0 |
|
Known Fixed Releases: | 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui92410 | Title: | XE39, NAT: NAT time is shown wrongly in Overlord |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
NAT time is shown wrongly in Overlord
Conditions:
n/a
Workaround:
no
Further Problem Description:
n/a
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.3(2)S1 |
|
Known Fixed Releases: | 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCui68757 | Title: | [Enhancement Req] Protection of QFP from ICMPv4 Attack |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Enhancement of icmp message rate-limit, for protection of QFP from ICMPv4 Attack.
Conditions:
In IPv4 ICMP, some types of ICMP packets will be generated in data plane. To protect QFP from IPv4 ICMP attack, we need a mechanism to do rate-limit of ICMP packets generated by data plane.
There is existing IPV4 ICMP rate-limit mechanism, which is only for ICMP unreachable type. In this fix, we expand this rate-limit mechanism to cover all IPv4 ICMP packets which are generated by data plane.
Workaround:
NA
Further Problem Description:
|
|
Last Modified: | 11-DEC-2015 |
|
Known Affected Releases: | 15.2(4)S1 |
|
Known Fixed Releases: | 15.3(3)S2.7, 15.3(3)S3, 15.4(1)S1.4, 15.4(1)S2, 15.4(1.16)S0.8, 15.4(2)S, 15.4(2.7)S, 15.4(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux08976 | Title: | ENH: ASR SSLVPN - Add Support Zone Based Firewall |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
This is an enhancement request.
Add support for Zone Based Firewall (ZBF) with ASR SSLVPN
Conditions:
** SSL VPN is enabled ASR
** ZBF is also enabled on the VPN terminating interface
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 13-DEC-2015 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz36538 | Title: | Improve in2out mcast nat |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * |
Symptom:
When doing performance testing it will be observed that with more than a few OIF associated with a multicast group, multicast nat performance in to out will not be nearly as good as out to in performance.
Conditions:
This condition is apparent whenever there are more than a few OIF associated with a group being tested.
Workaround:
There are no workarounds.
Further Problem Description:
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: | 12.2(33)XNC2, 12.2(33)XND |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb41985 | Title: | ASRNAT: set default max-entries limit in data plane |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * |
Symptom:
ASRNAT drops may occur on 2.5.0 release and later when running at over these values
FP5 - 128k
FP10 - 0.5M
FP20 - 1M
and max-entries is not configured.
Note that counts towards a limit start after a limit is configured. Existing translations do not count against a newly configured limit. Thus it is recommended procedure to do a 'clear ip nat trans *' after configuring a new limit so that it will be applied to all translations.
Conditions:
ASRNAT drops may occur on 2.5.0 release and later when running at over these values
FP5 - 128k
FP10 - 0.5M
FP20 - 1M
and max-entries is not configured.
Workaround:
If you want to run over these values, a 'ip nat trans max-entries ' must be configured.
Further Problem Description:
To provide better memory protection and default max-entries value is enforced at the data plane level based on ESP type. This value does not show in the CLI and is overriden by any 'ip nat trans max-entries ' configuration.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: | 12.2(33)XNE |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj59520 | Title: | Add more defensive and CLI enabled pkt corrupt checking for n2_l2_hdr |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
The router is reset and core decode will show the invalid memory access while doing memcpy.
Conditions:
When the packet is corrupted for some reason at the time it is come back from crypto processor, qfp may read invalid data from the packet and result in the invalid memory access.
Workaround:
None.
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: | 15.0(1)S3, 15.1(1)S1, 15.1(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCto26907 | Title: | ASR1K: mcast pkt sent out RBE has incorrect dest MAC 01-00-5e-00-00-00. |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: * | Symptom:
Mulicast packet drop with RouteBridgeEncapsulation (RBE)
Conditions:
When used RBE configuration, Multicast packets may not get forwarded.
Workaround:
none
|
|
Last Modified: | 17-DEC-2015 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: | 15.1(2)S2, 15.1(3)S, 15.2(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuq30260 | Title: | VC flaps on removing disable-fallback option from pseudowire |
|
Status: | Fixed |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Pseudowire flaps on updating config
Conditions:
Update disable-fallback option that is part of "preferred-path interface " command.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 19-DEC-2015 |
|
Known Affected Releases: | 15.4(1)S |
|
Known Fixed Releases: * | 15.4(3)M2.1, 15.4(3)M3, 15.4(3)M3.1, 15.4(3)S1.8, 15.4(3)S2, 15.5(1)S0.5, 15.5(1)S1, 15.5(1)SN1, 15.5(1)T1.1, 15.5(1)T2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu39274 | Title: | ENH: ASR1K support for anyconnect session reconnects |
|
Status: * | Terminated |
|
Severity: | 6 Enhancement |
Description: | Symptom:
This is an enhancement request to provide anyconnect to be able to reconnect to ASR headend, when there are TCP or other disruptions that require session to be re-established.
Conditions:
anyconnect reconnects
Workaround:
n/a
Further Problem Description:
|
|
Last Modified: | 20-DEC-2015 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | |
|
|
| |
:
2015 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论