| |
|
Alert Type: | Updated * |
Bug Id: | CSCus86476 | Title: | ASR1K NAT ALG ucode crash @ipv4_nat_destroy_addrport_bind |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: | Symptom:
Crash occurs in chunk malloc. Backtrace indicates call from ipv4_nat_destroy_addrport_bind
Conditions:
The PPTP ALG must be enabled for this condition to occur (enabled by default)
Workaround:
Disable PPTP ALG through use of configuration command "no ip nat service pptp"
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(2)S2.1 |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv19154 | Title: | After upgrade of IOS-XE software, appnav functionality maybe impacted. |
|
Status: | Fixed |
|
Severity: | 1 Catastrophic |
Description: | Symptom:
Appnav functionality may be impacted. Client may be unable to establish a connection to the server if the traffic gets intercepted by AppNav.
Conditions:
After upgrade of IOS-XE software to XE3.13.3, XE3.14.2, XE3.15.1 or XE3.16.
AppNav is acting as an intermediate node(s) between 2 end point WAAS devices (3+ WAAS in path).
Workaround:
Do one of the following:
1) Rollback the IOS-XE software (XE3.13.2, XE3.14.1, XE3.15)
2) Use policy on AppNav or WAAS to bypass traffic that is impacted explicitly instead of relying on auto-discovery on WAAS.
3) On the WAAS connected to AppNav, configure the following to disable pass-through offload -
"no service-insertion pass-through offload enable".
WAAS will no longer offload flows to AppNav
More Info:
The logic of handling certain bypass action by WAAS is broken by a recent commit.
The result is that when WAAS found out it is an intermediate optimizer, usually during Syn-Ack, the packet is incorrectly dropped by AppNav. As a result, the TCP connection cannot be established.
In some cases, connection may still be able to establish after extended period of time, typically over 30s when the connection aged out on one of the WAAS devices.
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux73735 | Title: | XE316, asr1k crashes @ m_requeue /push_node_up |
|
Status: | Other |
|
Severity: | 1 Catastrophic |
Description: | Symptom:
when preform below steps, may cause the asr1k reload itself:
1)wr er
2)reload
3)when asr1k reload back, script configure host name and up interface, what we see fom log:
when asr1k reload back, the router promoted did not promote "Would you like to enter the initial configuration dialog? [yes/no]: " immediately and allows the script to make configuration. after script did configuraton, such hostname, up interface, then do "yes"
for % Please answer 'yes' or 'no'.
Conditions:
do "wr er" and "reload" back. once asr1k come back, if make some configuration before answering "Would you like to enter the initial configuration dialog? [yes/no]: "(which should not allow). Then answer this Q, yes or no, the asr1k will crash.
Workaround:
None
Further Problem Description:
none
|
|
Last Modified: | 20-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCue49808 | Title: | PTA router crashes on configuring unclassifed mac-address |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Traceback followed by IOSD crash while loading a config file from a tftp: directly into running-config
Conditions:
On applying intiator unclassifeid mac-address command
Workaround:
Copy config file to a file on a local resource (e.g. nvram:, flash:, harddisk:) and apply from the local file.
|
|
Last Modified: | 13-JAN-2016 |
|
Known Affected Releases: | 15.3(2)S |
|
Known Fixed Releases: * | 15.1(1)IC66.63, 15.1(1)ICA4.122, 15.1(1)ICB29.36, 15.2(1)E, 15.2(1)E1, 15.2(1)E2, 15.2(1)E3, 15.2(1)EY, 15.2(1.1)PSR, 15.2(2)E |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv59014 | Title: | ASR1k ROMMON: Vulnerability in package codesign validation |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
A vulnerability in secure boot feature of the Cisco Aggregate Services Router 1000 Series (ASR1K)
ROM Monitor mode (ROMMON) could allow an authenticated, local attacker to bypass secure boot
and allow arbitrary code to be loaded and executed on the affected device.
The vulnerability is due to improper input validation when the image header is parsed. An attacker
could exploit this vulnerability by crafting a specialized image on installing it on the bootflash of the
device. An exploit could allow the attacker to bypass secure boot and allow malicious code to be
loaded and executed on the device.
Conditions:
ASR1001-X, ASR1002-X, ASR1000-ESP100/200, or ASR1000 Ethernet Linecards running with default configuration and ROMMONs versions prior to 15.5(3r)S1.
Workaround:
As the ROMMON itself is still subject to checks by the secure boot microloader trust anchor, the
Secure Hash Algorithm (SHA) hash reported by the ROMMON can be checked against a golden
system running the same release version to determineif the copies are identical.
Further Problem Description:
Fixed in ROMMON 15.5(3r)S1
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 1.7/1.3:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C&version=2.0
No CVE ID has been assigned to this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 14-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | 15.6(0.14)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux33568 | Title: | ESP crash while reconfiguring FR interface to MFR bundle |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ESP40 crash with ESP core file only generated, no CPP core file on hard disk
Conditions:
reconfiguration of FR interface into MFR bundle with applied QoS
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 18-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 16.2(0.257), 16.3(0.52) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu85691 | Title: | Under load crash is seen at REFER based scenarios |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Under load crash is seen at REFER based scenarios
Conditions:
Load enclosed configs
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 20-JAN-2016 |
|
Known Affected Releases: | 15.5(2.21)S0.6 |
|
Known Fixed Releases: * | 15.4(3)M4.1, 15.4(3)S4.12, 15.5(2)S1.7, 15.5(2)S2, 15.5(2)T2, 15.5(3)M0.2, 15.5(3)M1, 15.5(3)S0.7, 15.5(3)S1, 15.5(3)S1a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux75028 | Title: | ASR1k ucode crash at fnf_aor_flow_extrfield_list_free |
|
Status: | Open |
|
Severity: * | 2 Severe |
Description: | Symptom:
A ucode crash will be seen on an ASR1k with a DTL transfer error
Conditions:
This crash was seen within the flexible net flow code path but the exact specifics are unknown at this time.
We don??t know the crash root cause yet. It may be observed with all IOS-XE platforms.
Crash observed with performance monitors contains
- traffic-monitor url
- traffic-monitor all
or/and FNF monitors contain extracted fields like
- collect application http
- collect application
Workaround:
To remove LIVEACTION monitors and(or) performance monitor that contain extracted fields".
Further Problem Description:
|
|
Last Modified: | 21-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S1.5 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux00303 | Title: | Router crash after stopping EPC |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Router configured for EPC may crash after executing the command "monitor capture < > stop".
Conditions:
EPC session is configured using ACL filter. The crash occurs when the capture is stopped.
Workaround:
Not known
Further Problem Description:
|
|
Last Modified: | 22-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 16.2(0.261) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu55787 | Title: | ASR1001-X: Router fails to come online with No Service Password Recovery |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Router fails to come online after attempting to return to factory defaults with "No Service Password Recovery" enabled.
Conditions:
ASR1001-X with No Service Password Recover enabled. An attempt to send a to the ROMMON followed by answer "Y" to
Do you want to reset the router to the factory default
configuration and proceed [y/n] ?
Workaround:
Do not enable No Service Password Recovery
or
Do not attempt to return router to factory defaults after having done so
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S3, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut96933 | Title: | ASR1K ucode crash seen at mpls_icmp_create |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device.
The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device.
Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-iosxe
Note: The September 23, 2015, release of the Cisco IOS and IOS XE Software Security Advisory bundled publication includes three Cisco Security Advisories. All the advisories address vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Individual publication links are in Cisco Event Response: September 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep15.html
Conditions:
Refer to the security advisory
Workaround:
Refer to the security advisory
Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.1/5.9:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE ID CVE-2015-6282 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.2(4)S5.1, 15.4(3)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(3)S3, 15.5(1)S3, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09607 | Title: | binos: Linux Kernel VLAN vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) ID:
CVE-2011-4110
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 2.1/1.7:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C&version=2.0
CVE-2011-4110 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux97422 | Title: | on ASR1001-X/ASR1002-X, No syslog output when one power down |
|
Status: | Other |
|
Severity: | 2 Severe |
Description: | Symptom:
on ASR1001-X/ASR1002-X, No syslog output when one power down
Displayed Ok in "show platform", and from "show facility-alarm status"
also cannot check [Power:CRITICAL]
Conditions:
One power is down
Workaround:
Unknown
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv66011 | Title: | ESP100: cpp_cp_svr crashed in function cpp_ess_ea_is_vsi_valid |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ESP100 crashed in process cpp_cp_svr.
Conditions:
Subscriber accounting accurate feature is enabled for IPoE session on ESP100.
Clear IPoE session.
Workaround:
Disable subscriber accounting accurate feature.
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(1)S, 15.5(2)S, 15.5(3)S, 15.6(1)S |
|
Known Fixed Releases: * | 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv91545 | Title: | ESP continuous crash on ASR1013 using 03.13.03.S.154-3.S3-ext.bin |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Crash
Conditions:
when customer upgraded from asr1000rp2-adventerprisek9.03.11.02.S.154-1.S2-std to asr1000rp2-adventerprisek9.03.13.03.S.154-3.S3-ext.bi
Workaround:
Removing the deny entries from the ACL used in ZBFW policy-map stops the ESP crash
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S, 15.4(3)S3.1 |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.194), 16.2(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv57459 | Title: | ASR1K Kernel crash at pidns_get() - part 2 |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1K kernel crash
Conditions:
This has been seen on ASR1K running 3.10.2 code.
Workaround:
Not known
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: * | 15.2(4)S8, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCup91567 | Title: | ASR1001-X boot-loops with CMCC crash and XGM MAC10 block errors |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
An ASR1001-X router may enter a "boot-loop" when its powered ON.
with this defect the CMCC process will crash during system initialization i.e during router bootup.
This might repeat on each subsequent router bootup.
Messages similar to the following may be seen:
*Aug 3 06:13:42.758: %CMCC-0-PLIM_HALT: SIP0: cmcc: A PLIM driver has critical error Ysn-Mac10 - xgm: crc, 0, param 29 param 0
*Aug 3 06:13:42.997: %PMAN-3-PROCHOLDDOWN: SIP0: pman.sh: The process cmcc has been helddown (rc 134)
*Aug 3 06:13:43.021: %PMAN-0-PROCFAILCRIT: SIP0: pvp.sh: A critical process cmcc has failed (rc 134)
Conditions:
This is a corner case. And there is no configuration- or traffic-specific trigger to hit this issue.
This problem might occur in any of the power on of ASR1001-X.
This issue occurs when an error interrupt is recorded by the main forwarding ASIC and due to this defect the interrupts are not cleared on a subsequent reboot.
This problem can happen on any kind of reloads crash reload/software reload/power cycle.
if once it occurs it will keep repeating
Workaround:
Power the router down (switch off power supply, or unplug) for a short time (30 seconds to a minute) and then power it back on. This will clear the spurious interrupt. and subsequent router bootup will succeed,
Further Problem Description:
The interrupts known to trigger this are those which are usually considered transient / "soft" errors: parity errors, internal CRC errors and the like. In software, some of these interrupts are not correctly cleared during the boot process / soft reboot, and so will continue to assert themselves on each subsequent boot. This causes the CMCC process to crash and reload the system repeatedly. Powering down the system fully clears the interrupt(s) and allows the system to boot.
This software fix clears all relevant interrupts correctly on boot, avoiding the issue.
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(2)S |
|
Known Fixed Releases: * | 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.188), 16.2(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu82192 | Title: | NatGatekeeper performance degraded |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
While sending a traffic stream with 12100 source to 12100 destination qfp load on extended mode is higher than the default mode.
Conditions:
Send a traffic stream with 12000 source to 1200 destination observe that qfp load will be higher
Workaround:
N/A
Further Problem Description:
N/A
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S3, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtz61014 | Title: | f Linux kernel NTP leap second handling could cause deadlock |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
There are periodic leap second events which can add or delete a second to global time.
When the leap second update occurs the system will crash when adding or deleting NTP leap second in NTP
master mode.
Conditions:
The leap second update will be propagated via Network Time Protocol (NTP) or via manually setting the clock.
Workaround:
To prevent an issue when the leap second update is received do not configure the system as NTP master.
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: * | 15.1(3)S4, 15.2(2)S1, 15.2(4)S8, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut74937 | Title: | ASR1K PBR VRF Selection not working when source is local router |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ae_test_cp1#show plat hard qfp acti stat drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
ForUs 15 858
Icmp 205 23210
IpFragErr 3369 5146500
Ipv4NoAdj 465301 38263494
Ipv4NoRoute 1188 100002
Ipv4RoutingErr 6 600
NatIn2out 3117 362895
NatOut2in 3018 229816
UnconfiguredIpv4Fia 260203 17732393
UnconfiguredIpv6Fia 596925 152893250
ae_test_cp1#ping vrf ae_vpn1 10.20.30.1 source 10.20.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.20.30.1, timeout is 2 seconds:
Packet sent with a source address of 10.20.10.1
.....
Success rate is 0 percent (0/5)
ae_test_cp1#show plat hard qfp acti stat drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
ForUs 15 858
Icmp 210 23780
IpFragErr 3369 5146500
Ipv4NoAdj 465301 38263494
Ipv4NoRoute 1188 100002
Ipv4RoutingErr 6 600
NatIn2out 3117 362895
NatOut2in 3018 229816
UnconfiguredIpv4Fia 260203 17732393
UnconfiguredIpv6Fia 596925 152893250
Conditions:
No specific condition, just need to configure VRF Selection and it happens
Workaround:
No workaround
Further Problem Description:
none
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.2(4.0.1) |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv83793 | Title: | AppNav-XE drop packets when traffic from WAAS has wrong ID |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ICA AO / WAAS Traffic / packet drop is seen in packet capture, application would fail to connect.
Conditions:
IOS-XE 3.13.3x and WAAS code 5.3.x to 5.5.x additional code version may be impacted.
Workaround:
From AppNav-XE Policy, put this traffic as pass-through using port numbers
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S3.3 |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09604 | Title: | Multiple Cisco Devices Contain Linux Kernel Vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-2373,CVE-2012-2372,CVE-2011-1023
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4.9/4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2012-2373, CVE-2012-2372, and CVE-2011-1023 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv52648 | Title: | ESP memory leak under cpp_cp_svr due to BFD feature |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1K ESP memory leak:
From "show platform software status control-proc brief":
we see ESP memory utilization(committed field) is going up over time:
Memory (kB)
Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
RP0 Healthy 3874504 1769324 (46%) 2105180 (54%) 2414216 (62%)
ESP0 Healthy 969088 897480 (93%) 71608 ( 7%) 680672 (70%) <<<
SIP0 Healthy 471832 268616 (57%) 203216 (43%) 235364 (50%)
From "show platform software process list f0 sort mem" we see cpp_cp_svr holding more and more memory over time
From a breakdown view, from "show platform software memory qfp-control-process qfp active brief"
we see the leak is under the following chunk:
CPP AEM SUB-TASK CHUNK
CPP AEM TASK CHUNK
CPP HASH CHUNK
Conditions:
The leak is seen when BFD feature is enabled.
Workaround:
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S3.1 |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv25212 | Title: | ucode crashes with Fair Queue and FNF export is configured |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ucode crashes when there is a dropped packet with Fair Queue and FNF export is configured
Conditions:
ucode crashes when there is a dropped packet with Fair Queue and FNF export is configured
Workaround:
Either remove Fair Queue configuration or FNF export, until there is an image available with a fix
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu07657 | Title: | binos: Linux Kernel Generic , Proc and Admin access vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
Cisco ASR 1000 Series Aggregation Services Router includes a version of the Linux Kernel that is affected by the vulnerabilities identified by
the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2011-3593, CVE-2011-3637, CVE-2012-1179
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 5.7/5.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2011-3593, CVE-2011-3637, CVE-2012-1179 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09547 | Title: | binos: Linux Kernel kvm vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2013-1796,CVE-2011-4622,CVE-2012-0045
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 6.8/5.6:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:A/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2013-1796 and CVE-2011-4622 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09588 | Title: | binos: Linux Kernel Btrfs vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms:
Cisco ASR 1000 Series Aggregation Services Router includes a version of Linux Kernal that is affected by the vulnerabilities identified by the
following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-5374, CVE-2012-5375
This bug was opened to address the potential impact on this product.
Conditions:
Device with default configuration.
Workaround:
Not currently available.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 4/3.8:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:L/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C&version=2.0
CVE ID CVE-2012-5374, CVE-2012-5375 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut98370 | Title: | binos: Linux Kernel ipv6, ipv4 vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-4565,CVE-2012-4444,CVE-2013-0310,CVE-2013-4162,CVE-2011-2699
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2013-1796 and CVE-2011-4622 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut72639 | Title: | ASR1k CPP crash with IP Options |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR may reload or have a CPP crash when configured with MPLS.
Conditions:
ASR receives following packet from mpls interface. the packet's format is as follows:
Workaround:
none
Further Problem Description:
The router crashes because of receiving a mpls packet with explicit null label as well as LSR ip option from mpls interface
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S3 |
|
Known Fixed Releases: * | 15.3(3)S6, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu88964 | Title: | ASR1K Kernel crash at pidns_get() |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
ASR1K kernel crash
Conditions:
This has been seen on ASR1K running 3.10.2 code.
Workaround:
Not known
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S2 |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09592 | Title: | binos: Linux Kernel Solar flare Eth. driver vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) ID:
CVE-2012-3412
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.8/6.4:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C&version=2.0
CVE-2012-3412 has been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv39756 | Title: | EFP crash with vxlan mcast core and unicast traffic 1400 size |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
EFP crash with vxlan mcast core and unicast traffic 1400 size.
Conditions:
IPv4 traffic size more 1400 bytes
Workaround:
no workarounds
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.5(1)S3, 15.6(1)S, 16.2(0.170) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu09595 | Title: | binos: Linux Kernel TCP SYN+FIN packets vulnerabilities |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Multiple Cisco devices include a version of the Linux Kernel that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs:
CVE-2012-2663, CVE-2012-4530
This bug was opened to address the potential impact on this product.
Conditions:
Device running with default configuration running an affected version of software.
Workaround:
None.
Further Problem Description:
Additional details about the vulnerabilities listed above can be found at http://cve.mitre.org/cve/cve.html
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/6.2:
http://tools.cisco.com/security/center/cvssCalculator.x?vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C&version=2.0
CVE-2012-2663 and CVE-2012-4530 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: * | 15.2(4)S8, 15.3(3)S6, 15.4(2)S4, 15.4(3)S4, 15.5(1)S3, 15.5(2)S1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux37457 | Title: | P1 power supply shows as "ps, fail" status on 13RU |
|
Status: | Fixed |
|
Severity: * | 2 Severe |
Description: | Symptom:
P1 power supply shows as "ps, fail" status from "show platform" on 13RU chassis
Conditions:
Problem shows up w/ asr1000rp2-adventerprise.03.16.01a.S.155-3.S1a-ext.bin or asr1000rp2-advipservices.03.17.00.S.156-1.S-std.bin
Workaround:
"sh platform hardware slot P1 mcu status? or "sh platform hardware slot P1 fan status? can be used to monitor status of the PS.
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | 16.2(0.218), 16.2(0.227) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuu24757 | Title: | ASR1k QFP leak with cpp_sp_svr at module FM CACE |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
An ASR1k router will have a leak on the QFP with cpp_sp_svr. Listing the modules under this service, FM CACE which deals with software TCAM will be holding the majority of the memory:
Router#show platform software memory qfp-service-process qfp active
.
.
Module: FM CACE
allocated: 1866346946, requested: 1857054514, overhead: 9292432
Allocations: 1161692189, failed: 0, frees: 1161111412
Conditions:
Currently, this is seen when tunnel interface is configured with IPSEC in a DMVPN environment but the exact conditions are unknown at this time.
Workaround:
None at this time
Further Problem Description:
|
|
Last Modified: | 26-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S2.2 |
|
Known Fixed Releases: | 15.4(3)S4, 15.5(2)S1, 15.5(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux43951 | Title: | Packet drops on built-in 1Gig ports of ASR1001-X |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Packet drops is seen when ASR1001-X builtin 1gig ports are connected to third party ONS
Conditions:
This is seen with the built-in 1GIG ports on an ASR1001-X
Workaround:
Adding a switch in between ASR1001-X and the connected device will prevent the issue.
Further Problem Description:
|
|
Last Modified: | 28-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4.8, 15.5(3)S1.9, 15.6(0.22)S0.13, 16.3(0.46) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy02409 | Title: | BDI not Passing VRRP Multicast Traffic |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
BDI interface on ASR1k is not passing multicast traffic.
Conditions:
n/a
Workaround:
no at the moment.
Further Problem Description:
n/a
|
|
Last Modified: | 28-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S6 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw91822 | Title: | vISG not sending COA Response |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Client are not able to browse internet
Conditions:
vISG version 3.16 integrating with Single Digits
Workaround:
Further Problem Description:
None
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S3.16, 16.2(0) |
|
Known Fixed Releases: * | 15.4(3)S4.7, 15.5(2)S2.1, 15.5(3)S1.2, 15.6(0.22)S0.8, 15.6(1.16)S, 16.2(0.272), 16.3(0.32) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsv73721 | Title: | ISSU ERP tracebacks on active RP during router bootup |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: The following tracebacks appeared on the active RP console during router boot up:
000131: *Nov 12 16:16:43.075 EST: %ISSU-3-FAILED_TO_ALLOC_UNDER_ENDPOINT: Can not allocate
transport id(131072) control block.
-Traceback= 1#04182c093c3bf3fa21a9ef089770e5a6 :10000000+5179E0 :10000000+518294
:10000000+515F3C :10000000+200F5DC :10000000+200E5C4 :10000000+1F78A0C
000132: *Nov 12 16:16:43.077 EST: %ISSU-3-ERP_CLIENT: For context ID 131072, Current context
for ERP isn't available
-Traceback= 1#04182c093c3bf3fa21a9ef089770e5a6 :10000000+5179E0 :10000000+518294
:10000000+515F3C :10000000+200E898 :10000000+1F78A0C
000133: *Nov 12 16:16:43.078 EST: %IPC-3-ISSU_ERROR: ISSU register peer failed failed with error
code 0 for seat 20000
-Traceback= 1#04182c093c3bf3fa21a9ef089770e5a6 :10000000+5179E0 :10000000+518294
:10000000+515F3C :10000000+1F78D5C
Conditions: The symptom will show up at boot up if the box has more than 10 ISSU endpoints.
ISSU aware RP, SP, linecards all count as endpoints.
Workaround: There is no workaround.
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XN, 12.2(33)ZZ |
|
Known Fixed Releases: * | 12.2(32.8.10)REC154, 12.2(32.8.11)REC154, 12.2(32.8.11)SX227, 12.2(32.8.12)REE154, 12.2(32.8.9)YCA206.8, 12.2(33)SRE, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv01168 | Title: | SPA-2XCT3/DS0 controller is not coming up on fresh reboot. |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
While testing with the mcp_ceop_t3t1_cem_func functionality the serial interface was not able to up..
Conditions:
Issue is seen with asr1k platform
Workaround:
Can Make the serial interface up by giving no shut again to the other end which was already in no shut mode
..
Further Problem Description:
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: * | 15.5(3)S1.4, 15.6(0.22)S0.15, 16.2(0.195) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsm98756 | Title: | Active RP jumps from 23% to 99%, with "show run | inc ipv6 route" |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: CPU utilization peaks at 99% for a sustained period and various
control plane functions such as SBC call setup may not function as expected.
Conditions: The symptom is observed with a large scale configuration (thousands
of VLANs) and when performing the show run | inc ipv6 route
command.
Workaround: Save the startup-configuration on the bootflash and view from the
console. To view the running configuration the show
configuration command should be executed from the console.
Further Problem Description: The issue is caused by inefficiencies in the NVGEN
operation and has impact on the processing of new SBC calls. However, it should
not impact the already-established calls.
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNA, 12.2SR, 12.2XN |
|
Known Fixed Releases: * | 12.2(32.8.3)REE177, 12.2(32.8.5)REC177, 12.2(32.8.6)REC177, 12.2(33)XNC, 12.4(23.15.6)PIC1, 12.4(24.5.2)PIC1, 12.4(24.5.3)PIC1, 15.0(1)SY, 15.1(1)SG1.3, 15.1(1)SG3.90 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy04962 | Title: | XE317:Ucode Core@l2bd_bfib_ager_timer_init during traffic in Kingpin |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: | Symptom:
While testing XE317 image with below 4 features in Kingpin platform, observing fman_fp and cpp_mcplo_ucode core files during traffic.
Features:
++++++++
xe37_urpf_acl
xe37_nbar
xe39_vlan0
xe39_evc
Conditions:
Fman_fp and cpp_mcplo_ucode core files is seen during traffic in Kingpin platform.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCte98082 | Title: | PPPoE session not coming up on some clients due to malformed PADO |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: PPPoE session is not coming up on some clients due to a malformed PADO.
PPPoE relay sessions are failing to come up on an LAC.
Conditions: The symptom is observed with a few clients which are unable to
process malformed PADO and also when "pppoe relay service" is configured on the
LAC.
Workaround: There is no workaround.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE1, 12.2(33)XNF |
|
Known Fixed Releases: * | 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33)XNE2, 12.2(33.1.1)XNF1, 12.2(33.2.8)XNE1, 15.0(0.7)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz42939 | Title: | IOS crash pointing @mcprp_spa_ct3_pat_remove_interface |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: Router crashes and reloads when multiple interfaces are configured
with SPA-4XCT3/DS0/SPA-2XCT3/DS0 SPA.
Conditions: The symptom is observed when multiple channel groups are configured
on SPA-4XCT3/DS0 SPA and then a soft/hard OIR is performed.
Workaround: There is no workaround.
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2REC, 12.2SRD, 12.2XN |
|
Known Fixed Releases: * | 12.2(32.8.2)YCA273.15, 12.2(32.8.31)REC186, 12.2(32.8.5)YCA273.15, 12.2(33)SRE, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb01505 | Title: | Router crashes with ospf_build_net_lsa |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: A Cisco router may crash when building an OSPF Network LSA.
Conditions: This symptom is observed while unconfiguring ospf configurations.
Workaround: There is no workaround.
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)SXH, 12.2(33)XND, 15.0(1)M |
|
Known Fixed Releases: * | 12.2(32.8.11)SX300, 12.2(32.8.11)XJC273.18, 12.2(32.8.29)REC186, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE12, 12.2(33)SRE13, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd05318 | Title: | mVPN: RP2 crashes on watchdog exception "MRIB Trans" triggered by SSO |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: A watchdog exception crash on "MRIB Transaction" may be observed on a
new active RP when an RP switchover is initiated.
Conditions: The symptom is observed during an RP switchover under a scaled
scenario with a router configuration with approximately 1K EBGP peers with 500K
unicast routes and 300 mVRFs with 1K mcast routes.
Workaround: There is no workaround.
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: * | 12.2(32.0.11)SRE, 12.2(32.8.11)YST273.2, 12.2(32.8.2)YCA273.35, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33)XNE1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCte58825 | Title: | IOSD crash on SNMPWalk at get_ipsec_policy_map |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: There is a crash upon conducting an snmpwalk from "enterprise mib
oid
1.3.6.1.4.1".
Conditions: The symptom is observed on a Cisco ASR 1000 Series Aggregation
Services router that is running Cisco IOS Release 12.2(33)XNE.
Workaround: Configure SNMP view to exclude ipSecPolMap as follows:
snmp-server view iso included
snmp-server view ipSecPolMapTable excluded
snmp-server community view RO
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE, 15.0(1)M |
|
Known Fixed Releases: * | 12.2(33)XNE2, 12.2(33.1.1)XNF1, 12.2(33.2.4)XNE1, 15.0(0.3)S, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc69991 | Title: | DMVPN P3:NDB state error trcbk@ IPConnectedRoute & CDP Protocol Proc |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: A Cisco ASR 1000 Series Aggregation Services router configured as a
DMVPN spoke may throw tracebacks.
Conditions: The symptom is observed when "odr" is configured as the overlay
routing protocol and a shut/no shut is done on the tunnel interface.
Workaround: Use EIGRP as the overlay routing protocol.
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: * | 12.2(32.0.13)SRE, 12.2(32.8.7)YCA273.35, 12.2(33)SB9, 12.2(33.1.18)XNE, 12.2(33.1.8)XNF, 12.2(33.1.9)MCP7, 12.2(33.2.13)SB11, 12.2(33.2.81)SB12, 12.2(33.3.0)SB13, 12.2(33.3.1)SB15 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc43110 | Title: | uSBC5:H323 signaling qos on callee leg defaults to DSCP '13' |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms: Under H.323 call scenarios, the outgoing H.323 signaling packets
(TCP) are marked with a non-zero DSCP value, even though no QoS is configured
for the H.323 leg of the call.
Conditions: The symptom is observed under all H.323 to H.323 and SIP to H.323
scenarios in which the SBC creates a downstream H.323 call leg.
Workaround: There is no workaround via SBC configuration. QoS can be re-marked
via MQC policy placed on the outbound physical interfaces of the Cisco ASR
router.
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2XNE |
|
Known Fixed Releases: * | 12.2(33)XND3, 12.2(33)XNE1, 12.2(33)XNF, 12.2(33.1.1)XNF1, 12.2(33.1.15)XNE, 12.2(33.1.4)MCP7, 12.2(33.2.1)XND2, 15.1(1)MR6, 15.1(3)MRA, 15.1(3)MRA1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuy05915 | Title: | XE: PBR breaks when CWS is enabled on the same interface |
|
Status: | Open |
|
Severity: | 2 Severe |
Description: * | Symptom:
Enabling PBR and CWS together on the same interface breaks all traffic destined to the LAN side.
Conditions:
XE - ISR4K series router running 3.16.1
Workaround:
None
Further Problem Description:
If route leaking is not possible this is one way to move the packets between vrf and global and this method breaks in 3.16.1 when enabled with CWS.
1. Configure route-map to be applied using ip policy on WAN interface for any traffic destined to the LAN and under the route-map and use "set global".
2. Configure route-map to be applied using ip policy on LAN interface for any traffic sourced from the LAN to any destination or simply for port 80 and 443 to be redirected to CWS and under the route-map use "set vrf "
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S0.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk46753 | Title: | RLS9: After sip call terminated, no sbc, then configure sbc makes crash |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptom:
From the console, seems this crash cause by:
SBC: Assertion failed - wait_rc
SBC: at ../VIEW_ROOT/cisco.comp/sbc/src/sbc-infra/src/ios_cli/sbc_dbe_vdbe_config.c:5837
Conditions:
Make one basic SIP-SIP call, after call terminated,"no sbc".
When try to configure sbc again, crash occurs
Workaround:
No workaround till now
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: * | 15.1(1.22)S0.6, 15.1(2)EY, 15.1(2)S, 15.1(2.3)S, 15.1(2.6)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S5 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux55692 | Title: | TCAM Errors in NL11k TCAM of Fixed Ethernet Linecards |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Intermittent packets loss on Fixed Ethernet Linecards[ASR1000-6TGE/ASR1000-2T+20X1GE]
Conditions:
This intermittent packet loss is due to TCAM Mismatch error counters. TCAM mismatch counters can be seen using "test hw-module subslot 0 np4c stat 1" CLI under SPA console of the linecard.
Workaround:
Reload of the linecard using "hw-module slot reload"
Further Problem Description:
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S |
|
Known Fixed Releases: * | 15.4(3)S4.10, 15.5(3)S1.4, 15.6(0.22)S0.13, 16.2(0.273), 16.3(0.73) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtq46745 | Title: | SBC sip default profile configuration lost on reload |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms: Custom configured default sip profiles (option/method/header) are
lost during a router reload.
Conditions: This symptom occurs during reload.
Workaround: Use non-default profiles for each adjacency.
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: * | 12.2(33)XNE1, 15.1(1)MR6, 15.1(2)S1.3, 15.1(2)S2, 15.1(2.16)S0.7, 15.1(3)MR, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj99431 | Title: | Sessions coming up with shared key mis-match between ISG & Radius-Client |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: Sessions have shared key mismatch between ISG and Radius client. Nonsubnet client (best match) does not get preference over subnet client.
Conditions: This symptom is observed on a Cisco ASR 1000 router when it functions as an ISG Radius-Proxy Router.
Workaround: Remove "ignore server key" from "aaa server radius dynamic-author" .
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: * | 15.0(2.12)DPA2, 15.0(2.26)DPB1.18, 15.0(2.26)DPB1.36, 15.0(2.26)DPB11, 15.0(2.26)DPB7, 15.0(2.28)DPB1.0, 15.0(4.1)SID, 15.1(1)MP1.2, 15.1(1)MR3, 15.1(1)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl50930 | Title: | RLS3.3 Assert failure in cisco.comp/sbc/src/sbc-app/src/sip/siptvld5.c |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: * | Symptoms: For some SIP messages like OPTION, SBC asserts failure when called
through VRF.
Conditions: This symptom occurs on 1001, 1002, or 1004 non-redundant modes.
Workaround: Configure the redundant mode SSO.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: * | 15.1(1)S, 15.1(2)S |
|
Known Fixed Releases: * | 12.2(33)CX, 12.2(33)MRA, 12.2(33)SB14, 12.2(33)SB15, 12.2(33)SB16, 12.2(33)SB17, 12.2(33)SB6a, 12.2(33)SB6aa, 12.2(33)SB6b, 12.2(33)SB7 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc00463 | Title: | protect Tcl directory & ESM activation |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: |
Symptom:
Introduce new command: "file scripts-url "
Conditions:
N/A
Workaround:
N/A
Further Problem Description:
It is not a bug but introducing of new CLI.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XND2, 12.2(33.2.1)XND2, 15.0(2)EX, 15.0(2)SE1, 15.0(2.12)DPB8, 15.0(5.21)SID, 15.1(1)SD5.1, 15.1(1)SG5.103, 15.1(1)SG5.124, 15.1(1)SG5.163 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk03526 | Title: | Segmentation fault at Crypto IKEv2 process while scaling static CMs |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: An IOSd process crash may be observed on a Cisco ASR1K router
configured with static crypto maps with IKEv2.
Conditions: This symptom occurs after sending heavy and continuous
bidirectional traffic through a large number of static crypto maps configured
with IKEv2, and is not easily seen.
Workaround: There is no workaround.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: * | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl00995 | Title: | ikev2: ASR1K with 1897 svti tunnels & ikev2 reloads @ IPSEC Key Engine |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: Cisco ASR 1000 series routers with 1000 or more DVTIs may reboot
when a shut/no shut operation is performed on the tunnel interfaces or the
tunnel source interfaces.
Conditions: This symptom occurs when all the DVTIs have a single physical
interface as tunnel source.
Workaround: Use different tunnel source for each of the DVTIs. You can
configure multiple loopback interfaces and use them as tunnel source.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(2)S, 15.1(3)S |
|
Known Fixed Releases: * | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCto64188 | Title: | ASR reload if mask assignment changes during "show ip wccp...detail" cmd |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: The Cisco ASR router may unexpectedly reload if WCCP mask assignment
changes while the show ip wccp service
detail command is in progress.
Conditions: This symptom occurs when WCCP mask assignment is in use.
The show ip wccp service
detail command displays a WCCP client mask assignment table
while, at the same time, the service group mask assignments are changed.
Workaround: Do not use the detail keyword while WCCP
redirection assignments may be changing. Instead, use the
clients and assignment keywords.
For example, if mask assignments may be changing, use the following two commands:
- show ip wccp web-cache clients
- show ip wccp web-cache assignment
Instead of the following command:
show ip wccp web-cache detail
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.0(1)S, 15.1(1)S, 15.1(2)S |
|
Known Fixed Releases: * | 15.0(1)S4.18, 15.0(1)S5, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCto98212 | Title: | Router crashed when RIPng process is removed on interface twice |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptoms: When RIPng is removed from an interface from telnet and serial
console sessions at the same time, it causes the routers to crash.
Conditions: This symptom occurs when RIPng is configured on an interface and
two users are connected using two different console sessions.
Workaround: Do not configure the same RIPng through two different console
sessions.
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 15.1(2.13)S |
|
Known Fixed Releases: * | 15.0(2.26)DPB1.17, 15.0(2.26)DPB7, 15.0(2.28)DPB1.0, 15.0(5.21)SID, 15.1(1)SD5.1, 15.1(1)SG5.161, 15.1(1)SG5.162, 15.1(1)SG5.163, 15.1(1)SG5.169, 15.1(1)SG5.170 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux11291 | Title: | OTV adjacency does not come-up with VRF |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
OTV adjacency does not come-up with VRF
Conditions:
join-interface and lan interfaces configured in vrf
Workaround:
No Workaround
Further Problem Description:
NA
|
|
Last Modified: | 13-JAN-2016 |
|
Known Affected Releases: | 15.5(1)S |
|
Known Fixed Releases: * | 15.4(3)S4.5, 15.5(1)S2.25, 15.5(1)S3, 15.5(2)S2.1, 15.5(3)S1.1, 15.6(0.22)S0.12 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn63795 | Title: | A new cef entry added does not inherit all the forwarding attributes |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
The CTS (Cisco TrustSec) feature, uses the /32 cef entries to store IP-SGT (Security Group
Tag) bindings. When a new IP-SGT binding is added for an IP address that did not exist in the
cef table, a new /32 cef entry is added to the cef table, and this cef entry does not inherit
the forwarding attributes of features such as BGPPA, from its /24 parent.
Conditions:
all
Workaround:
none
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via
normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2(33.7.20)SRE, 15.1(2)S1.4, 15.1(3)S |
|
Known Fixed Releases: * | 12.2(58)EY2, 12.2(58)EZ, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4, 12.2(60)EZ5, 12.2(60)EZ6, 15.0(0)XJR111.173 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv56407 | Title: | ASR1001-X crashed with "ip account mac output" config on interface |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
1001x crashed with EoMPLS config and mac account on core interface
Conditions:
Happens when running Entropy label feature with EoMPLS and flap RP for several times.
Workaround:
reload
Further Problem Description:
Null
|
|
Last Modified: | 10-JAN-2016 |
|
Known Affected Releases: | 15.5(1)S, 15.5(3)S, 16.2(0) |
|
Known Fixed Releases: * | 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.178), 16.2(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux44780 | Title: | ASR1K/ISR4K crashes after removing tunnel interface |
|
Status: | Fixed |
|
Severity: | 2 Severe |
Description: | Symptom:
Removing a DMVPN tunnel interface with shared tunnel protection from the configuration using the 'no interface tunnel X' command, can cause an ASR1K (or ISR4K) platform to crash
Conditions:
Two or more DMVPN tunnels (using shared tunnel protection) are configured between the same two devices, sourced from the same interface and are separated by having one of the tunnels in an I-VRF (inside vrf)
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 12-JAN-2016 |
|
Known Affected Releases: * | 15.5(1)S, 15.5(2)S, 16.2(0) |
|
Known Fixed Releases: | 16.2(0.216) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCur91389 | Title: | Tracelogs on ASR1002-X [cmand]: (ERR): ISR0= not handled |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Error logs continuously printed on BINOS logs while they did not enabled NETSYNC
[cmand]: (ERR): ISR0= not handled
It does not have any functional impact.
Issue is seen from XE37 and it is a Day1 issue
Symptom:
Error logs continuously printed on BINOS logs while they did not enabled NETSYNC
[cmand]: (ERR): ISR0= not handled
It does not have any functional impact.
Issue is seen from XE37 and it is a Day1 issue
Conditions:
Netsync has to be disabled on ASR-1002x and Cable wont be connected under BITS port
Workaround:
Configure netsync input source [ listed below configs ], so that alarm will be raised and it will never go into ERROR logs
Configs needed to avoid the error log:
--------------------------------------
KP5#
network-clock synchronization automatic
network-clock synchronization mode QL-enabled
network-clock hold-off 0 global
network-clock input-source 1 External R0
network-clock wait-to-restore 0 global
KP5#
Further Problem Description:
|
|
Last Modified: | 04-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: | 15.3(3)S6, 15.4(3)S3, 15.5(1)S1, 15.5(2)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux01133 | Title: | interface counter stuck on build-in interfaces in ASR1001X |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
On asr1001x, If the build-in interface is shutdown, the p/s counter of show interface does NOT reduce, indefinitely.
Conditions:
When the interface is shutdown, the p/s counters from the show interface command does not reduce.
Workaround:
none
Further Problem Description:
none
|
|
Last Modified: | 06-JAN-2016 |
|
Known Affected Releases: | n/a |
|
Known Fixed Releases: | 15.4(3)S4.7, 15.5(3)S1.4, 15.6(0.22)S0.10, 16.2(0.183) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut74501 | Title: | ArgusX: cieIfResetCount is incrementing by one when interface goes down |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
When interface state goes from up to admin down (on executing shut command), object cieIfResetCount increments by one on ASR1K Ethernet SPAs.
When interface state come up from admin down (on executing no shut command), object cieIfResetCount again increments by one on ASR1K Ethernet SPAs.
So, for each interface reset (ie. combination of shut and no shut), cieIfResetCount increments by two.
Conditions:
Interface reset counter (cieIfResetCount) increments by two for each interface reset ((ie. combination of shut and no shut)
Workaround:
There is no workaround for this. This is a day one behavior. So, the reset counters will display a cumulative of shut and no shut commands and these counters should be interpreted accordingly.
Further Problem Description:
none
|
|
Last Modified: | 07-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw90588 | Title: | ASR1k not updating SGT-MAP table |
|
Status: | Terminated |
|
Severity: | 3 Moderate |
Description: * | Symptom:
SXP and SGT-MAP databases are out of sync
Conditions:
On ASR1K the sxp tags are not being deleted when sxp disabled. The show cts role-based sgt-map 10.128.41.51 output is different then the show cts sxp sgt-map when they should be in sync
S20-1001X-1#show cts sxp sgt-map | b 10.128.41.51
S20-1001X-1#show cts role-based sgt-map 10.128.41.51
Active IPv4-SGT Bindings Information
IP Address SGT Source
============================================
10.128.41.51 2 SXP
When you do a "no cts sxp enable" the mapping table entry remains in the "cts role-based sgt-map". "show cts role-based sgt-map" still shows entries after the disabling of the feature. The show "cts sxp sgt-map" is empty and therefore the cts role-based sgt-map for the 10.128.41.51 address should also be empty.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 07-JAN-2016 |
|
Known Affected Releases: | 15.4(3) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuv60858 | Title: | SSL-GW doesn't listen to the new IP after SSL Port and IP addr change |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Changing the SSLVPN port-number followed by changing the listening address results in SSLVPN-GW not listening to the new IP address
Conditions:
Client is connected to the GW with active traffic flow, we change the listening port of the SSLVPN-GW. Re-connect the client to the GW via the new port, and start traffic again, and this time change the listening IP address. At this the GW stops listening to SSLVPN connections completely.
Workaround:
flap the crypto ssl policy
Further Problem Description:
|
|
Last Modified: | 08-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S0.1 |
|
Known Fixed Releases: * | 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(1) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw21897 | Title: | Traceback seen with ip cef accounting |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Cisco IOS-XE router may show an error message in the logs:
%CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error
Conditions:
This issue can be seen when 'ip cef accouting' is configured with fast reroute when a routing protocol flaps.
Workaround:
Disable the function if possible - 'no ip cef accouting'
Further Problem Description:
|
|
Last Modified: | 10-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S2.1 |
|
Known Fixed Releases: * | 15.5(2)S2, 15.5(3)S1, 15.5(3)S1a, 15.6(1)S, 16.2(0.180), 16.2(1) |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux81971 | Title: | 637488237: ASR1k crash in nat_alg_create_session |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
Router running NAT crashes at nat_alg_create_session
hal_abort ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/hardware/cpp/common/hal_logger.c:81
2. 0x40337dd1 ipv4_nat_sess_getindex ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/infra/hash.c:100
3. 0x4034c534 ipv4_nat_find_session_entry_second ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/fw_nat_common/sessiondb.c:119
4. 0x403465e4 ipv4_nat_alg_create_session ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat_alg_common.c:1461
5. 0x40348025 ipv4_nat_process_token ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat_alg_common.c:2052
6. 0x4034854c ipv4_nat_alg_common_action_handler ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat_alg_common.c:2168
7. 0x40349880 ipv4_nat_alg_invoke ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat_alg_common.c:2475
8. 0x4034a4ac ipv4_nat_tcp_fixup ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat_tcp_fixup.c:522
9. 0x4034b030 ipv4_nat_l3_fixup ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat_fixup.c:209
10. 0x40357b71 ipv4_nat_translate ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat.c:3505
11. 0x4034f19d ipv4_nat_translate_out2in ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/dplane/feature/nat/ipv4_nat.c:6930
12. 0x4092ba5b ??
13. 0x40802478 infra_main ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/hardware/cpp/common/hal_feature_invoke.c:80
14. 0x40802944 pal_main ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/platform/mcp/mcp.c:77
15. 0x4080294e main ---> /auto/mcpbuilds24/release/03.17.00.S/BLD-V03_17_00_S_FC4/cpp/dp/hardware/cpp/common/hal_init.c:330
Conditions:
Router running Nat
Workaround:
Na
Further Problem Description:
Na
|
|
Last Modified: | 12-JAN-2016 |
|
Known Affected Releases: | 15.6(1)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCut49714 | Title: | GEC:QoS: pkt buff util high after apply/remove flat policy w/ fair-queue |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Packet buffer utilization goes high under oversubscription condition.
Conditions:
When using ASR1001-X, ASR1002-X or ESP100/200 hardware with aggregate port-channel feature. If there has been a QoS policy applied and removed from the port-channel interface which contains the "fair-queue" feature, we might see the packet buffer utilization goes high with oversubscribed traffic condition. If the packet buffers utilization goes really high, then the important control protocols packets might get dropped.
Workaround:
Don't apply and remove the QoS policy-map containing fair-queue feature to aggregate port-channel. If the condition is hit, then resetting ESP or reload router is needed.
Further Problem Description:
|
|
Last Modified: | 13-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S, 16.2(0) |
|
Known Fixed Releases: * | 16.3(0.46) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw89522 | Title: | ASR IOSD crash because of AVC feature |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR1k crash
Conditions:
AVC configuration change on the box
Workaround:
Avoid configuration changes on one vty session while executing show commands related to the same config in other vty session.
Further Problem Description:
|
|
Last Modified: | 20-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S5.1 |
|
Known Fixed Releases: * | 15.4(3)M4.1, 15.4(3)S4.8, 15.5(3)M1.1, 15.5(3)S1.1, 15.6(0.22)S0.9, 15.6(1.10)T, 15.6(1.10)T0.1 |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuw53453 | Title: | "%EZMAN_RM-3-SERDES_AUTOTUNE_FAIL" error message with 100G CPAK |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: | Symptom:
"%EZMAN_RM-3-SERDES_AUTOTUNE_FAIL" error message with 100G CPAK
Conditions:
1. When a 100GCPAK is OIR'ed, %EZMAN_RM-3-SERDES_AUTOTUNE_FAIL: error mesages are seen without the cable inserted into the CPAK.
2. When the CPAK is OIR'ed with cable during the EPA bringup.
Workaround:
OIR the CPAK with the cable inserted.
Further Problem Description:
|
|
Last Modified: | 20-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S0.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCux97253 | Title: | Inter-OTV site multicast stream may not recover after AED failover |
|
Status: | Other |
|
Severity: | 3 Moderate |
Description: | Symptom:
Inter-OTV site multicast stream may not recover from disruption after an OTV AED failover event.
Conditions:
The problem is usually not seen with just one AED failover event and may take a few AED failover/failback events.
Workaround:
No workaround has been found.
Further Problem Description:
|
|
Last Modified: | 25-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S4.1 |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux73439 | Title: | ASR - hpet2 increasing min_delta_ns to 33750 nsec |
|
Status: | Open |
|
Severity: | 3 Moderate |
Description: * | Symptom:
ASR router may report hpet increasing min_delta_ns logs.
Zulu: %IOSXE-4-PLATFORM: R0/0: kernel: CE: hpet4 increasing min_delta_ns to 33750 nsec
Zulu: %IOSXE-4-PLATFORM: R0/0: kernel: CE: hpet3 increasing min_delta_ns to 33750 nsec
Zulu: %IOSXE-4-PLATFORM: R0/0: kernel: CE: hpet5 increasing min_delta_ns to 33750 nsec
Zulu: %IOSXE-4-PLATFORM: R0/0: kernel: CE: hpet2 increasing min_delta_ns to 33750 nsec
Conditions:
High Precision Event Timer (HPET) is used for timing. Logs are mostly seen as cosmetic.
Workaround:
Cosmetic logs.
Further Problem Description:
|
|
Last Modified: | 26-JAN-2016 |
|
Known Affected Releases: | 15.5(3)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux68942 | Title: | "debug platform software infrastructure punt mma" packets enhance |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Need to ease a way of debugging ASR1K/ISR4K/CSR Performance Monitor punt issues.
Conditions:
High records punt scale.
Workaround:
N/A
Further Problem Description:
|
|
Last Modified: | 26-JAN-2016 |
|
Known Affected Releases: | 16.3(0) |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux51271 | Title: | Need to add the attributes 32 and 30 under all status-query related |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Need to add the attributes 32 and 30 under all status-query related
Conditions:
need to add the attributes 30 called-station-id and 30 nas-id under the common attributes , so that it is available under all the user-profile-query status-query and other related query.
Workaround:
Further Problem Description:
|
|
Last Modified: | 26-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.5(3)S1.4, 15.6(1.17)S0.9, 16.3(0.50) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux43213 | Title: | SNMP over IPv6 link-local address does not work on IOS-XE routers |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
If SNMP uses the IPv6 link-local address SNMP fails.
Conditions:
If SNMP uses the IPv6 link-local address SNMP fails.
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 28-JAN-2016 |
|
Known Affected Releases: * | 15.6(3)S, 16.3(1) |
|
Known Fixed Releases: | 15.6(1.17)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsv79583 | Title: | CWDM gbics compatibility error on ASR1002 4XGE-BUILT-IN ports and ES20 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptoms: When coarse wavelength division multiplexing (CWDM) small form-factor
pluggable (SFP) module of any wave length is inserted in the GE port or OC48
port, the SFP module is disabled and the following message is displayed:
%TRANSCEIVER-3-NOT_COMPATIBLE: SIP0/0: Detected for transceiver module in
GigabitEthernet0/0/0, module disabled
The output of the show status command shows the following:
CE1#show hw-module subslot 3/3 transceiver 1 status
The transceiver in slot 3 subslot 3 port 1
has been disabled because:
the transceiver type is not compatible with the SPA.
and sfp will be disabled.
Conditions: This issue is seen with a new version of CWDM SFP in which the
EEPROM programming has been changed. All releases prior to Cisco IOS Release
12.2(33)SRE and 12.2(33)SRD3 are incompatible with the new SFP version. For the
Cisco ASR 1000, all software releases prior to 12.2(33)XNC release 3 and
release 4 are affected.
Workaround: Issue is not seen with the older version of SFP.
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNA1, 12.2(33)XNB1 |
|
Known Fixed Releases: * | 12.2(32.8.13)REC186, 12.2(33)MRA, 12.2(33)SB14, 12.2(33)SB15, 12.2(33)SB16, 12.2(33)SB17, 12.2(33)SB9, 12.2(33)SCF5, 12.2(33)SCG2, 12.2(33)SCG3 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsv61458 | Title: | [no] mpls ip propagate-ttl needs no mpls ip - mpls ip to take effect. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On an ASR 1000 router running IOS version 12.2(33)XN2, changes to "mpls ip propagate-ttl" don't take effect until "mpls ip" is removed and replaced on the interface.
Conditions:
The router is acting as a PE router.
Workaround:
None
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XN2 |
|
Known Fixed Releases: * | 12.2(32.8.1)REC186, 12.2(32.8.11)SX259, 12.2(32.8.4)REE177, 12.2(33)SRE, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsx42988 | Title: | CnH: debug ATM has multiple entries for same flag |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Debug ATM has multiple entries for same flag in mcp dev
Conditions:
All atm debugs show up twice in mcp.
Workaround:
No workaround
Further Problem Description:
There are different CLI's for IOU and IOS, and since MCP images are IOS on Unix, both the CLI's show up.
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 12.2(33.1.12)REM, 12.2(33.1.19)REM |
|
Known Fixed Releases: * | 1, 12.1(22)EA14, 12.2(18)IXH1, 12.2(18)SXF17b, 12.2(31)SGA10, 12.2(31)SGA11, 12.2(32.8.1)REC177, 12.2(32.8.1)REE177, 12.2(33)SRE, 12.2(33)SRE10 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsr40394 | Title: | Delete small buffer pool causes %ASR1000_INFRA-5-IOS_INTR_OVER_LIMIT TB. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Delete small buffer pool causes %ASR1000_INFRA-5-IOS_INTR_OVER_LIMIT traceback.
Conditions:
When the small buffer pool is configured with a user defined value, a traceback is generated when this buffer pool is deleted. This happens only in ASR routers.
Workaround:
None.
|
|
Last Modified: | 29-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XN, 12.2(33)XNB1, 12.2(33)XND, 12.2XN |
|
Known Fixed Releases: * | 12.2(32.8.1)REE186, 12.2(32.8.2)REC186, 12.2(33)SRE, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33)XNC0b |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb05792 | Title: | sh event manager environment all displays only 30 chars for variables |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
The router is configured for EEM policy execution (EDT) using SNMP. Give below is the SNMP and EEM configuration on the router. With this config if 'sh event manager environment all' is executed, complete environmanet variable value is not displayed.
Conditions:
event manager environment countdown_entry 60
event manager environment nok_msg it works
event manager environment match_cmd sh ip access-list STREAMING-TRAFFIC-ACL
event manager environment match_pattern remark Chicago.\(([0-9]+) matches
event manager environment ip_address 1.2.44.7
event manager environment rw_community lab
event manager environment acl_name STREAMING-TRAFFIC-ACL
event manager environment exp_owner 99.105.115.99.111
event manager environment exp_name 99.117.115.116.111.109.49
event manager directory user policy "bootflash:/usr/lib/tcl"
Workaround:
sh event manager environment VARIABLE
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: * | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd11663 | Title: | Nbase error when PD log write over its upper limit |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptoms:
Log console message N-BASE Error: Internal consistency check failed. Contact customer support displayed.
Conditions:
Occurs when buffer allocated for pd log is consumed.
Workaround:
None.
PSIRT Evaluation:
The Cisco PSIRT has evaluated this issue and does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via
normal resolution channels.
If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another
evaluation.
Additional information on Cisco's security vulnerability policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XND3, 12.2(33)XNE1, 12.2(33)XNF, 12.2(33.1.1)XNF1, 12.2(33.1.15)XNE, 12.2(33.1.3)MCP7, 12.2(33.2.1)XND2, 15.6(1)SN |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb36100 | Title: | uSBC RLS4: some fields are missed on "h248-ctrlr-status" trap |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Some fields are missed on h248-ctrlr-status trap.
.1.3.6.1.4.1.9.9.658.1.1.0 <--- csbAlarmSubSystem
.1.3.6.1.4.1.9.9.658.1.2.0 <--- csbAlarmServerity
.1.3.6.1.4.1.9.9.658.1.3.0 <--- csbAlarmID
.1.3.6.1.4.1.9.9.658.1.4.0 <--- csbAlarmTime
Conditions:
always
Workaround:
N/A
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNE, 12.2(33)XNE1, 12.2(33)XNF, 12.2(33.1.1)XNE, 12.2(33.1.3)MCP6, 15.6(1)SN |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux42536 | Title: | Polaris: Cannot execute Xconnect with pseudowire force switchover |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The exec command xconnect backup force-switchover or
l2vpn redundancy activate may fail with the message
%Xconnect: manual switchover failed
when attempting to switch over to a backup Any Transport over MPLS (AToM)
pseudowire.
Conditions:
This symptom has been observed on a dual-RP system after a Stateful Switchover
(SSO) has been performed.
Workaround:
Use the exec command clear xconnect or clear
l2vpn service to reset the state of the pseudowire prior after
performing SSO.
Further Problem Description:
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 16.2(0) |
|
Known Fixed Releases: * | 15.6(0.22)S0.12, 15.6(1.16)T, 15.6(1.17)S0.7, 16.2(0.245), 16.3(0.35), 7.3(0)D1(0.203), 7.3(0)IZN(0.13), 7.3(0)N1(0.265), 7.3(0)N1(1), 7.3(0)ZD(0.232) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtf11997 | Title: | Unconfig match <domain> regex from a call-policy-tabl does not work |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
For the following sbc-sbe config:
call-policy-set 1
first-call-routing-table RT-DSTADDR
rtg-dst-address-table RT-DSTADDR
entry 1
match-address ^bus[0-9][a-z] regex
The command "no match-address" would NOT delete (i.e. unconfig) the match-address.
Conditions:
This is also observed for the match-address under rtg-src-address-table configuration.
Workaround:
The workaround is to delete "entry 1" or "rtg-dst-address-table RT-DSTADDR"
or "call-policy-set 1".
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2XN |
|
Known Fixed Releases: * | 12.2(33)XNE2, 12.2(33)XNF1, 12.2(33.1.1)XNE3, 12.2(33.1.1)XNF1, 12.2(33.2.4)XNE1, 15.0(0.5)S, 15.1(0.1)S, 15.6(1)SN |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc80502 | Title: | ISSU(RLS4.2->5):%FRR_OCE-3-GENERAL: un-matched frr_cutover_cnt |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
FRR_OCE-3-GENERAL: un-matched frr_cutover_cnt message seen with tracebacks
Conditions:
Observed during ISSU upgrade from RLS4.2 to RLS5
Workaround:
There is no workaround
Further Problem Description:
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2XNE |
|
Known Fixed Releases: * | 12.2(32.8.3)YCA273.35, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33)XNE1, 12.2(33.1.16)XNE, 12.2(33.1.7)MCP7 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtb74413 | Title: | IPv6 General-prefix config stalled after conflict |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
A previously-confliciting general-prefix address will not be re-applied to an interface when the conflict is resolved and the interface shut/no shut.
Conditions:
The following example illustrates the problem:
ipv6 general-prefix cisco 2001:DB8::/32
int e0/0
ipv6 address 2001:DB8::2/64
int e1/0
ipv6 address cisco ::1:0:0:0:1/64
The general-prefix address configured on e1/0 conflicts with the address manually-configured on e0/0. When the command is configured on e1/0 an error message will be issued and no address will be applied to interface e1/0. However the configuration will remain on interface e1/0. This is as expected.
We now remove the source of the conflict by removing the address on e0/0:
int e0/0
no ipv6 address 2001:DB8::2/64
We now attempt to re-apply the address on e1/0:
int e1/0
shut
no shut
The address is not applied to e1/0.
Workaround:
The workaround for this problem is to remove and re-apply the general-prefix address on the affected interface.
e.g. In the example given above, the probelm can be resolved as follows:
int e1/0
no ipv6 address cisco ::1:0:0:0:1/64
ipv6 address cisco ::1:0:0:0:1/64
Further Problem Description:
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2MCP5 |
|
Known Fixed Releases: * | 12.2(1.1.2)SID, 12.2(32.8.2)YCA273.35, 12.2(33.1.5)MCP7, 12.2(55.14)DPA7, 12.2(56.1)SID, 12.2(58)EZ, 12.2(58)SE1, 12.2(58)SE2, 12.2(60)EZ, 12.2(60)EZ1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCte08213 | Title: | ASR1k: "tunnel mode ipv6ip auto-tunnel" CLI should be disabled. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
"tunnel mode ipv6ip auto-tunnel" CLI should be disabled.
Conditions:
"tunnel mode ipv6ip auto-tunnel" CLI should be disabled since not supported in cpp.
Workaround:
No workaround
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XND, 12.2(33.1.23)MCP5 |
|
Known Fixed Releases: * | 12.2(1.1.2)SID, 12.2(32.8.4)YCA273.10, 12.2(58)EZ, 12.2(58)SE1, 12.2(58)SE2, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCta23902 | Title: | DMVPN P3: seeing pkt drops due to Type: incomplete entry in NHRP Cache |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
On a DMVPN router, when the IPSec SA's are deleted, the NHRP holdtime is set to be 5 seconds.
This 5 seconds gap between IPSec and the corresponding NHRP cache entry could cause the
spoke to spoke tunnel to bounce under certain timing conditions.
Conditions:
This occurs only under certain timing conditions.
Workaround:
There is no workaround at this time.
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: * | 12.2(33)XNE, 12.2(33)XNE1, 12.2(33.1.23)MCP5, 12.4(15)T13, 12.4(15)T14, 12.4(15)T16, 12.4(15)T17, 12.4(24)MDA13, 12.4(24)MDB13, 12.4(24)MDB14 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCsz94201 | Title: | mcp_dev: PBR set interface null0 issues warning message |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
When "set interface null0" is configured under route-map (PBR) configuration,
IOS issues a warning message
%Warning:Use P2P interface for routemap set^M
interface clause^M
This is just a warning message but the set interface itself takes effect.
There is no operational impact.
Conditions:
When "set interface null0" is configured under route-map (PBR) configuration,
IOS issues a warning message
%Warning:Use P2P interface for routemap set^M
interface clause^M
This is just a warning message but the set interface itself takes effect.
Workaround:
There is no workaround.
Since it does not affect the router operation, workaround is not needed.
Further Problem Description:
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE, 12.2(33.1.5)REI, 12.2XN |
|
Known Fixed Releases: * | 12.2(32.8.10)YCA273.15, 12.2(33.1.9)MCP7, 12.2(58)EZ, 12.2(58)SE1, 12.2(58)SE2, 12.2(60)EZ, 12.2(60)EZ1, 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCte18737 | Title: | SBC: deactivation-mode does not work |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Conditions:
when configured with "deactivation-mode abort" in dbe mode, input "no activate" by CLI , dbe should send one ServiceChange(MT=FO) to root termination. But the result is dbe sent SC to each termination.
Workaround:
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNF |
|
Known Fixed Releases: * | 12.2(33)XND, 12.2(33)XND3, 12.2(33)XNF, 12.2(33.1.1)XNF1, 12.2(33.1.10)MCP7, 12.2(33.1.23)XNE, 12.2(33.1.8)XNF, 12.2(33.2.1)XND2, 15.1(1)MR6, 15.1(3)MRA |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtc72651 | Title: | Crash seen after SSO Switchover on the new active RP with debugs enabled |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Crash will be seen on new RP after SSO with AToM debugs enabled.
Conditions:
Enabling AToM debugs which requests VC Accouting details from MFI during SSO.
Workaround:
None
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNE |
|
Known Fixed Releases: * | 12.2(32.8.1)YCA273.10, 12.2(33)SRE10, 12.2(33)SRE11, 12.2(33)SRE5, 12.2(33)SRE8, 12.2(33)SRE9, 12.2(33)SRE9a, 12.2(33.1.23)XNE, 12.2(33.1.8)MCP7, 12.2(33.1.9)XNF |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl94226 | Title: | Limit the size of the database entries returned to parser code. |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR1K RP crash on issuing "show ip lisp database ? " command with scaled EID configuration.
Conditions:
Show ip lisp database ? command execution with scaled EID configuration.
Workaround:
Avoid execution of show ip lisp database with scaled EID configuration and instead use this command for specific EID query as shown below
show ip lisp database 192.168.0.0/24
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: * | 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(2)SY, 15.1(2)SY1, 15.1(2)SY2, 15.1(2)SY3, 15.1(2)SY4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn45452 | Title: | QoS: Excess size (Be) cannot be set to 0 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Be cannot be set to 0 on an ASR running 15.1(1)S.
In 15.0(1)S, this can be set.
#policy-map POL
#class class-default
Copernic(config-pmap-c)#shape average 1940000 19400 0
Copernic#sh policy-map int gig0/0/1.10
GigabitEthernet0/0/1.10
Service-policy output: POL
Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 0/0
shape (average) cir 1940000, bc 19400, be 19400 <<< be is not 0
target shape rate 1940000
Conditions:
This has been observed on an ASR running 15.1(1)S but not on 15.0(1)S.
Workaround:
Use 15.0(1)S.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: * | 15.1(2.10)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S, 15.1(3)S2, 15.1(3)S5, 15.1(3)S5a, 15.1(3)S6 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj13983 | Title: | ASR1K :Multicast replication failed on dmvpn p3 hub1 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Multicast replication fails
Conditions:
Happens with dmvpn p3 setup
Workaround:
None.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: * | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtq01303 | Title: | headers on DTMF should be whitelisted in default header editor |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Notify/Info based DTMF inteworking not work using default sip header editor
Conditions:
default sip editor is used
Workaround:
Config customized inbound/outbound sip header editor allowing header Allow,Call-Info,Event,Accept to be passed through
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: * | 15.1(2)S1.3, 15.1(2)S2, 15.1(2.16)S0.7, 15.1(3)MR, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S, 15.1(3)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCth86054 | Title: | ASR1k QoS: Please set WRED default drop threholds as per IOS behavior |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
ASR WRED (Weighted Random Early Detect) default thresholds are not consistent to CCO documentation. For example, by default, AF22 has a higher low-drop-threshold compared to AF21.
Conditions:
WRED needs to configured.
WRED thresholds are left at default value.
Image version : 12.2(33)XNF01.
Workaround:
WRED parameters can be changed from default values with the cli "random-detect dscp [dscp-value] [min-threshold] [max-threshold] [marking probability denominator]" under the traffic class definition in a policy-map.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNF1, 15.1(2.9)S |
|
Known Fixed Releases: * | 15.1(2.16)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S, 15.1(3)S2, 15.1(3)S5, 15.1(3)S5a, 15.1(3)S6 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl22249 | Title: | XE31:CUBE(SP) generate excessive ips/pdtrc for the same check failure |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
CUBE(SP) generate excessive ips/pdtrc for the same check failure
Conditions:
NBB_CHECK is encountered
Workaround:
N/A
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: * | 12.2(33)XNF, 12.2XN |
|
Known Fixed Releases: * | 15.0(1)S2.5, 15.0(1)S3a, 15.1(1)S0.5, 15.1(1)S1, 15.1(1.22)S0.5, 15.1(2)EY, 15.1(2)S, 15.1(2.1)S, 15.6(1)SN |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk11677 | Title: | overhead accouting is not enbaled when configured shape average Bc+Be |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
when we configured "shape average x y z accounting used-defined x", it will not enable the overhead accounting thought it accept the CLI. Once you do "sh run", it only show "shape average x y z" and the part "accounting used-defined x" will be lost silently.
Conditions:
when configured the Be value with shape average x y z accounting used-defined x
Workaround:
configured without the Be value or without Be and Bc it will works fine:
shape average x accounting used-defined xX
shape average x y accounting used-defined xX
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XND |
|
Known Fixed Releases: * | 15.1(1.22)S0.4, 15.1(1.23)S, 15.1(2)EY, 15.1(2)S, 15.1(2)SNH1, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj71412 | Title: | Check after removing sbc in 2700_027 |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
SBC check occurs after issuing "no sbc Conditions:
This occurs after a failover or manual switchover has been done.
Workaround:
None - no impact as we are removing sbc in this step.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: * | 15.1(1)S0.2, 15.1(1)S1, 15.1(1.22)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S2, 15.1(3)S5, 15.1(3)S5a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj60964 | Title: | annexb=yes was appeared as well when add fmtp annexb=no in codec system |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
annexb=yes was appeared as well when add fmtp annexb=no in codec system
Conditions:
add fmtp annexb-no in codec system
Workaround:
null
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: * | 15.1(1)S0.4, 15.1(1)S1, 15.1(1.22)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S2, 15.1(3)S5, 15.1(3)S5a |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtd75807 | Title: | OSPF Slow Convergence on ASR1000 platform |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | None
Symptom:
OSPF route convergence may be slow when a large number of prefixes is
to be downloaded to the ESP.
Conditions:
This issue only occurs with RP1 and ESP-10 blades.
Workaround:
There is no workaround.
Further Problem Description:
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNC |
|
Known Fixed Releases: * | 15.0(2.12)DPB5, 15.1(1)SY, 15.1(1)SY1, 15.1(1)SY2, 15.1(1)SY3, 15.1(1)SY4, 15.1(1.22)S0.5, 15.1(2)EY, 15.1(2)S, 15.1(2)SNH1 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj08861 | Title: | SPA-1X10GE-WL-V2 %ETH_SPA_MAC-3-INTR_BURST observed in SPA reload |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
%ETH_SPA_MAC-3-INTR_BURST message is observed while the SPA-1X10GE-WL-V2 comes up following a simple reload.
Conditions:
Reloading SPA-1X10GE-WL-V2 with any type of reload option will cause %ETH_SPA_MAC-3-INTR_BURST message to appear on the console.
Workaround:
NA
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: * | 15.1(1.22)S0.8, 15.1(2)EY, 15.1(2)S, 15.1(2)SNH1, 15.1(2.3)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj69622 | Title: | N-BASE error when re-configure subscriber adj |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
N-BASE error when re-configure subscriber adj
Conditions:
Configure subscriber and sip-contact, add adj, then delete this adj and add a new adj, SBC will throw out N-BASE error
Workaround:
na
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: * | 15.0(1)S2.11, 15.0(1)S3a, 15.1(1)S1.7, 15.1(1)S2, 15.1(2)EY, 15.1(2)S0.4, 15.1(2)S1, 15.1(2.3)S, 15.1(2.6)S, 15.1(3)MRA |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj06067 | Title: | Chunk memory leak on the process MallocLite @__be_pdb_distance |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Chunk memory leaks seen on process "MallocLite" while configuring shared tunnel protection on ASR router
Conditions:
One can see the leaks after unconfiguring tunnel interface after building a spoke-spoke tunnel.
Workaround:
None
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(0.18)S0.3, 15.1T, 15.2TPI16 |
|
Known Fixed Releases: * | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk97693 | Title: | cannot no SBE network-id |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Nbase error when you "no network-id" under sbe
Conditions:
Always
Workaround:
Use "network-id 0" to set it to default value
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.0(1)S2 |
|
Known Fixed Releases: * | 15.1(1)S0.5, 15.1(1)S1, 15.1(1.22)S0.9, 15.1(2)EY, 15.1(2)S, 15.1(2.1)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj61454 | Title: | strange problems when provision under codec system and cann't delete it |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
strange problems when provision under codec system and cann't delete it
Conditions:
provision under codec system and try to delete it
Workaround:
null
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: * | 15.1(1)S0.4, 15.1(1)S1, 15.1(1.22)S0.2, 15.1(1.24)S, 15.1(2)EY, 15.1(2)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk67035 | Title: | GETVPN: multiple registrations to KS on GM when COOP is down |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
When KS2(coop is down) and if i do swithcover on GM1 or GM2, after GM switchover, it tried to register with KS2 and then GM tried to register with KS1, which is correct.. But even after registration is successful with KS1, it again tried to register with KS2 when KS2 is still down
and it register with KS1 again.. so here it registeted twice with KS1.
Conditions:
COOP SHOULD BE DOWN
Workaround:
NONE
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(3.5)T, 15.1(3.6)T |
|
Known Fixed Releases: * | 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH, 15.0(2)EJ, 15.0(2)EJ1, 15.0(2)EK, 15.0(2)EK1, 15.0(2)EX |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk67134 | Title: | B2B HA SBC - Active box's MIB stub was not initializated |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
After switchover by command 'redundancy application reload group 1 self', the active box's MIB stub was not initializated and can't execute command 'show run', also can't dump sbc diagnostics. It can't be reproduced all the time but once it come out need reload box to recover.
Conditions:
Performe command 'redundancy application reload group 1 self' in interchassis redundancy scenario.
Workaround:
Reload both routers.
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S |
|
Known Fixed Releases: * | 15.1(1)S0.3, 15.1(1)S1, 15.1(1.22)S0.1, 15.1(1.23)S, 15.1(2)EY, 15.1(2)S, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn79748 | Title: | [LI, B2BHA, XE33] remove LI when B2BHA is enable, crash occurs |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
N/A
Conditions:
Traceback and check failure occur when I try to remove configuration via SNMPv3 ( B2BHA feature is enabled )
Workaround:
N/A
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 15.1(2)S |
|
Known Fixed Releases: * | 15.1(2)S1.3, 15.1(2)S2, 15.1(2.16)S0.7, 15.1(3)MR, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S, 15.1(3)S2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtk99985 | Title: | Src/Dest ip address is not seen in NHRP resolution request in ASR |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: |
Symptom:
Source & destination ip address are not displayed in NHRP resolution request when doing "debug nhrp
packet".
Conditions:
In phase 2 dmvpn network, enable "debug nhrp packet" and ping host behind spoke 2 from host behind
spoke 1 to trigger resolution request.
Workaround:
None
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNF1 |
|
Known Fixed Releases: * | 15.0(1)M10, 15.0(1)M5.5, 15.0(1)M7, 15.0(1)M8, 15.0(1)M9, 15.0(2)EA, 15.0(2)EB, 15.0(2)EC, 15.0(2)ED, 15.0(2)EH |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtj58507 | Title: | OSPFv3 "router-id" configuration lost after SSO |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
IPv6 OSPF "router-id" configuration lost after switchover
Conditions:
router-id command does not get sync to standby RP if
operational router id on primary RP is the same as
what is coming from router-id command.
More info:
This is specific to ospfv3.
Problem was introduced by CSCsf17954(2009)
Workaround:
If operational router id is not the same as "router-id"
then command will be synced to standby RP
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 15.0(1)S, 15.1(2.13)S |
|
Known Fixed Releases: * | 12.2(60)EZ2, 12.2(60)EZ3, 12.2(60)EZ4, 12.2(60)EZ5, 12.2(60)EZ6, 15.0(1)S4.3, 15.0(1)S5, 15.0(1)SY, 15.0(1)SY1, 15.0(1)SY2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCto73139 | Title: | [MCP, RP2] SBC dump hangs on nightly built image |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: * | Symptom:
Conditions:
I'm using , after reloading, issue , SBC dump process hangs there. No pd/ips trace generated.
ASR1006-14#show proc | inc SBC
62 Mwe 528F9D9 10 231 4322304/24000 0 SBC IPC Hold Que
166 Mwe 2F33BA1 1 1 100010352/12000 0 SBC initializer
244 Mwe 5657CAB 10 5 200021712/24000 0 SBC Msg Ack Time
354 ME 11CAAD8 0 1 046816/48000 0 SBC Dump Diagnos
447 Mwe 523CE4B 359 75310 4360816/400000 0 SBC main process
464 Mwe 52866C6 30 1102 2786880/96000 0 SBC RF config sy
468 Mwe 564DE0B 0 1 023592/24000 0 SBC Calls Timer
471 ME 11CAAD8 0 1 046800/48000 0 SBC Dump Diagnos
472 ME 11CAAD8 0 1 046800/48000 0 SBC Dump Diagnos
three "SBC Dump Diagnos" processes hangs.
Workaround:
N/A
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(3)S |
|
Known Fixed Releases: * | 15.1(2)EY, 15.1(2)S0.5, 15.1(2)S1, 15.1(2.16)S0.3, 15.1(3)MR, 15.1(3)MRA, 15.1(3)MRA1, 15.1(3)MRA3, 15.1(3)MRA4, 15.1(3)S |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtn63934 | Title: | CPU hog and traceback with scale BGP MDT configuration |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Commited memory hike spikes and traceback back seen intermittently
Conditions:
issue seen either while running the script
or
manually performing hw-module subslot 0/2 reload
Workaround:
none
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.1(1)S, 15.1(2)S |
|
Known Fixed Releases: * | 12.2(33)CX, 12.2(33)SB11, 12.2(33)SB14, 12.2(33)SB15, 12.2(33)SB16, 12.2(33)SB17, 12.2(33)SCH, 12.2(33)SCH0a, 12.2(33)SCH1, 12.2(33)SCH2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCuw53543 | Title: | Stale entries for unauthenticated user in ISG dont clear . |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
The unauth sessions are configured to expire in 2 mins, but many unauth sessions are showing up for several weeks.
Conditions:
Previous event Account-Logon exited without clearing some flag after some time when the timer expires Timer-expiry event is waiting for previous event to clear the flag, because of this session is in stale state. This happens where Account-logon exited without clearing the flag.
Workaround:
This issue is seen only on HA setup, on single RP this issue will not be seen.
Further Problem Description:
Not all unauth sessions are remaining stale, many others are getting removed from ISG .
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 15.4(3)S |
|
Known Fixed Releases: * | 15.4(3)S4.1, 15.5(2)S2.1, 15.5(3)S1.1, 15.6(0.22)S0.14, 15.6(1.12)S, 16.2(0.273), 16.3(0.72) |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtq71462 | Title: | ASR1K:GEC: Config of MTU should not be allowed on port-channel subifaces |
|
Status: | Fixed |
|
Severity: | 3 Moderate |
Description: | Symptom:
Configure MTU over on a port-channel interface is not inherited by the port-channel sub-interfaces, and when try to configure MTU on a port-channel sub-interface, the command get accepted without any errors, but config MTU on port-channel again will not work anymore. The MTU setting over port-channel should be inherited by port-channel sub-interface, and MTU setting on a port-channel sub-interface should be blocked.
Conditions:
Configure MTU over port-channel interface and sub-interfaces with IOS-XE version XE3.4.2s.
Workaround:
No workaround, configuring MTU does not work for port-channel sub-interface.
|
|
Last Modified: | 01-FEB-2016 |
|
Known Affected Releases: | 15.0(1)S |
|
Known Fixed Releases: * | 15.0(10.24)EMW, 15.0(6.98)EMD, 15.0(7.1)EMW, 15.0(9.1)PCD, 15.0(9.41)SDN, 15.1(1.23)SID, 15.1(2)SG, 15.1(2)SG1, 15.1(2)SG1.170, 15.1(2)SG2 |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCus35015 | Title: | PFR - 'set trigger-log-percentage' not showing in config |
|
Status: | Fixed |
|
Severity: | 4 Minor |
Description: | Symptom:
When 'set trigger-log-percentage 100' is configured under a pfr-map, the change does not show up in the running configuration
Conditions:
Configure "'set trigger-log-percentage" under a pfr-map, the change does not show up in the running configuration
Workaround:
None.
Further Problem Description:
Switchname#show pfr master policy
Default Policy Settings:
backoff 90 900 90
delay relative 50
holddown 90
periodic 0
probe frequency 56
number of jitter probe packets 100
mode route control
mode monitor fast
loss relative 10
jitter threshold 20
mos threshold 3.60 percent 30
unreachable relative 50
trigger-log percentage 100
oer-map MAP 4
sequence no. 8444249301581824, provider id 1, provider priority 30
host priority 0, policy priority 4, Session id 0
match oer learn list RICHMOND_VOICE_LIST
backoff 90 900 90
delay relative 50
holddown 90
periodic 0
*probe frequency 4
number of jitter probe packets 100
*mode route control
*mode monitor fast
loss relative 10
jitter threshold 20
*mos threshold 4.0 percent 20
*unreachable threshold 100000
next-hop not set
forwarding interface not set
trigger-log percentage 30
*resolve mos priority 1 variance 10
Forced Assigned Target List:
active-probe jitter 10.1.22.1 target-port 2000 dscp ef codec g711ulaw
active-probe jitter 10.1.22.2 target-port 2000 dscp ef codec g711ulaw
oer-map MAP 6
Switchname#show pfr master policy | in log
trigger-log percentage 100
trigger-log percentage 30
trigger-log percentage 30
trigger-log percentage 30
Switchname#show run | in log
service timestamps log datetime localtime show-timezone
logging buffered 10000 informational
logging console errors
aaa authentication login default group tacacs+ line
trigger-log-percentage 100
log config
bgp log-neighbor-changes
deny ip any any log
logging source-interface Loopback129
logging host XX.XX.XX.XX
snmp-server enable traps syslog
privilege exec level 0 show logging
logging synchronous
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
logging synchronous
logging synchronous
Switchname#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switchname#(config)#
Switchname#(config)#
Switchname#(config)#privilege exec level 0 show pfr
Switchname#(config)#pfr-map MAP 4
Switchname#config-pfr-map)# set trigger-log-percentage 100
Switchname#(config-pfr-map)#pfr-map MAP 6
Switchname#(config-pfr-map)# set trigger-log-percentage 100
Switchname#(config-pfr-map)#pfr-map MAP 7
Switchname#(config-pfr-map)# set trigger-log-percentage 100
Switchname#config-pfr-map)#
Switchname#config-pfr-map)#^Z
Switchname#show pfr master policy | in log
trigger-log percentage 100
trigger-log percentage 100
trigger-log percentage 100
trigger-log percentage 100
Switchname#show run | in log
service timestamps log datetime localtime show-timezone
logging buffered 10000 informational
logging console errors
aaa authentication login default group tacacs+ line
trigger-log-percentage 100
log config
bgp log-neighbor-changes
deny ip any any log
logging source-interface Loopback129
logging host XX.XX.XX.XX
snmp-server enable traps syslog
privilege exec level 0 show logging
logging synchronous
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
logging synchronous
logging synchronous
|
|
Last Modified: | 27-JAN-2016 |
|
Known Affected Releases: | 15.3(1)S, 15.4(2)S |
|
Known Fixed Releases: * | 15.4(3)M4.1, 15.5(3)M1.1, 15.5(3)S1.4, 15.6(0.22)S0.14, 15.6(1.12)S, 15.6(1.12)T |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCtl57962 | Title: | The command "sh sbc <name> dbe" accepts any name |
|
Status: | Fixed |
|
Severity: | 5 Cosmetic |
Description: * | Symptom:
No Error displayed on wrong command "show sbc dbe flow-pair statistics"
Conditions:
None
Workaround:
None
|
|
Last Modified: | 31-JAN-2016 |
|
Known Affected Releases: | 12.2(33)XNF2 |
|
Known Fixed Releases: * | 15.1(2.3)S, 15.1(2.6)S, 15.1(3)S, 15.6(1)SN |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux90117 | Title: | Per prefix load-sharing method to per destination load-sharing |
|
Status: * | Other |
|
Severity: * | 6 Enhancement |
Description: | Symptom:
rm7-208d#sh cef interface tun 3
Tunnel3 is up (if_number 23)
Corresponding hwidb fast_if_number 23
Corresponding hwidb firstsw->if_number 23
Internet address is 192.54.28.57/30
ICMP redirects are never sent
Per prefix load-sharing is enabled --------------------------------------------
Conditions:
interface Tunnel3
description To rm50-115c, Phoenix, AZ
bandwidth 10000000
ip address 192.54.28.57 255.255.255.252
no ip proxy-arp
ip flow ingress
ip pim sparse-mode
load-interval 30
qos pre-classify
tunnel source 192.54.28.9
tunnel mode ipsec ipv4
tunnel destination 192.54.28.10
tunnel path-mtu-discovery
tunnel protection ipsec profile TRANSPORT-PROFILE
end
Workaround:
none
Further Problem Description:
|
|
Last Modified: | 27-JAN-2016 |
|
Known Affected Releases: | 15.3(2.16)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | New |
Bug Id: | CSCuy05804 | Title: | Additional commands to be able to view files in the virtual file systems |
|
Status: | Open |
|
Severity: | 6 Enhancement |
Description: | Symptom:
Additional command to view files in virtual file system in iosd CLI
Conditions:
N/A
Workaround:
we can connect to shell and run ls -l
Further Problem Description:
This command will enhance troubleshooting the memory leaks on virtual file system from IOS command line
|
|
Last Modified: | 30-JAN-2016 |
|
Known Affected Releases: | 15.5(2)S |
|
Known Fixed Releases: | |
|
|
| |
| |
|
Alert Type: | Updated * |
Bug Id: | CSCux71517 | Title: | IPv6 PBR recursive nexthop not working in a VRF |
|
Status: | Open |
|
Severity: * | 6 Enhancement |
Description: * | Symptom:
IPv6 PBR recursive nexthop not working in a VRF.
PBR policy not programmed and traffic is forwarded like PBR was not applied
Conditions:
Apply IPv6 PBR with recursive nexthop in a VRF:
route-map PBRSIS_v6 permit 10
match ipv6 address SIS_v6
set ipv6 next-hop recursive 2001:10:20:30::40
ipv6 access-list SIS_v6
permit ipv6 any any
Workaround:
None
Further Problem Description:
|
|
Last Modified: | 05-JAN-2016 |
|
Known Affected Releases: | 15.3(3)S3 |
|
Known Fixed Releases: | |
|
|
| |
2015 Cisco and/or its affiliates. All rights reserved. 
没有评论:
发表评论