These release notes describe new features for the Cisco 2600 series routers that support Cisco IOS Release 12.0, up to and including Release 12.0(2). Cisco IOS Release 12.0(2) is based on Cisco IOS Release 12.0. These release notes are updated with each maintenance release of the Cisco IOS software, which is typically every 6 weeks.
Cisco Systems extends enterprise-class versatility, integration, and power to branch offices with the Cisco 2600 series. The Cisco 2600 series routers are cost-effective, modular access routers designed to enable customers to easily adopt future technologies and scale to accommodate network expansion, thereby protecting the customer's investment. The Cisco 2600 series shares modular interfaces with the Cisco 1600, 1700, and 3600 series, providing a cost-effective solution to meet today's branch office needs for applications such as the following:
Secure Internet/intranet access
Multiservice voice/data integration
Analog and digital dial access services
Virtual Private Network (VPN) access
The Cisco 2600 series' modular architecture provides the versatility needed to adapt to changes in network technology as new services and applications become available. Driven by a powerful RISC processor, the Cisco 2600 series supports the advanced Quality of Service (QoS), security, and network integration features required in today's evolving enterprise networks.
To determine the version of Cisco IOS software currently running on a Cisco 2600 router, log into the router and use the show version EXEC command. The following is sample output from the show version command. The version number is indicated on the second line as shown below:
Cisco Internetwork Operating System Software
IOS (tm) 2600 Software (c2600-i-mz), Version 12.0(2), RELEASE SOFTWARE
Additional command output lines include more information, such as processor revision numbers, memory amounts, hardware IDs, and partition information.
At the time of printing, no product bulletins were available for upgrading to Cisco IOS Release 12.0. For general information on updating to a new software release, refer to the Cisco IOS Software Release Upgrade Paths and Packaging Simplification product bulletin located on CCO. On CCO, follow this path:
Products and Ordering: More Information: Product Bulletins. Scroll to Software. Under Cisco IOS 11.3, click the Upgrade Paths bulletin.
This bulletin does not contain information specific to Release 12.0, but it does provide updating information that might apply to Release 12.0.
Cisco IOS software is packaged in feature sets (also called software images) depending on the platform. Each feature set contains a specific set of Cisco IOS features. The following section lists the feature set matrix and the features supported by each feature set.
The feature set matrix (Table 3) shows the feature set organization and lists which feature sets are available on the Cisco 2600 series for Release 12.0. Table 3 lists the Cisco IOS software feature sets available for the Cisco 2600 series in Cisco IOS Release 12.0, including the feature set name, the feature set matrix term, the software image name, and the supported platforms.
1This feature is offered in the Basic feature set. 2This feature is offered in the Plus feature set. 3This feature is offered in the encryption feature sets which consist of 40-bit (Plus 40) data encryption feature sets. 4This feature is offered in the encryption feature sets which consist of IPsec 56-bit (Plus IPsec 56) data encryption feature sets.
Cisco IOS images with strong encryption (including, but not limited to, 56-bit data encryption feature sets) are subject to U.S. government export controls, and have a limited distribution. Images to be installed outside the U.S. require an export license. Customer orders might be denied or subject to delay due to U.S. government regulations. Contact your sales representative or distributor for more information, or send e-mail to firstname.lastname@example.org.
Table 4 and Table 5 list the features and feature sets supported by Cisco IOS Release 12.0 for the Cisco 2600 Series. Both tables use the following conventions to identify features:
Yes---The feature is supported in the feature set.
No---The feature is not supported in the feature set.
Note This feature set table contains only a selected list of features. This table is not a cumulative or complete list of all the features in each image.
This section lists some of the features available for the Cisco 2600 Series in Cisco IOS Release 12.0 software. For more information about these features, refer to the cross-platform Release Notes for Cisco IOS Release 12.0 located on Cisco Connection Online (CCO) and the Documentation CD-ROM.
Additional Vendor-Proprietary RADIUS Attributes
Always On/Dynamic ISDN (AO/DI)
ATM PVC Management
Automated Double Authentication
Certificate Authority Interoperability
DRP Server Agent Enhancements
Internet Key Exchange Security Protocol
Microsoft Challenge Handshake Authentication Protocol Support (MS-CHAP)
Microsoft Point-to-Point Compression (MPPC)
Multiple ISDN Switch Types
Named Method Lists for AAA Authorization and Accounting
Older Cisco Management Information Bases (MIBs) will be replaced in a future release. OLD-CISCO-* MIBS are currently being migrated into more scalable MIBs, without affecting existing Cisco IOS products or NMS applications. Application developers should update from deprecated MIBs to the replacement MIBs as shown in Table 6 below.
This section contains open and resolved caveats for the Cisco IOS Software Release 12.0(2) maintenance release as it applies to the Cisco 2600 series products. This is a partial list. For the complete list of caveats in the Cisco IOS Release12.0, refer to the "Caveats" section in the cross-platform Release Notes for Cisco IOS Release 12.0 document located on CCO and the Documentation CD-ROM. This section contains caveats affecting all maintenance releases.
Note If you have an account with CCO, you can use Bug Navigator II to find caveats of any severity for any release. Bug Navigator II can be found at http://www.cisco.com/support/bugtools, or from CCO, select Software & Support: Tools: Bug Toolkit II.
When h/w compression is enabled, packets are normally fast-switched. If the user turns off fast-switching then turns it back on, fast-switching remains disabled.
The workaround is to re-configure compression (ex, "no comp/comp stac").
Currently Generic Traffic-shaping and Frame-relay traffic-shaping is not supported with turbo(Optimum/CEF) switching modes and so we need to disable these turbo switching modes to make traffic-shaping work over the interface. This fix will allow turbo switching modes to co-exist with Traffic-shaping.
The disconnect-cause and disconnect-cause-ext attributes are missing in the tacacs+ network accounting stop record.
Cannot enter the configuration command: aaa authorization exec tacacs.There is no workaround.
Under certain conditions, DECnet does not send triggered routing updates after an adjacency comes up. If (periodic) routing updates are sent out frequently (default frequency being 40 seconds), this is not an issue, since an update gets sent out in a short time, and routes are discovered. However, if the routing update timer has been configured to be a large value, then routes may not get discovered for a long time.
The workaround is to configure a smaller value for the routing update timer.
A new configuration command, ip spd mode aggressive, is available. When configured, all IP packets that fail sanity check, such as "bad checksum not version 4", and "bad TTL," will be dropped aggressively to guard against bad IP packet spoofing. The show ip spd command displays whether aggressive mode is enabled or not. SPD random drop in RSP is supported.
When enabled, SPD now works as follows:
When the ip spd mode aggressive command is issued, IP packets that fail sanity checks are classified as aggressive droppable packets.
When the IP input queue reaches SPD min-threshold (specified by ip spd queue min-thresholdn), all aggressive droppable packets are dropped immediately while normal IP packets (not high-priority SPD packets) are dropped with increasing probability as the length of the IP input queue grows.
When the IP input queue reaches SPD max-threshold (specified by ip spd queue max-thresholdn), all normal IP packets are dropped at 100 percent.
The default SPD min-threshold is 10 while the default max-threshold is 75.
To avoid an input interface that takes too many router resources, new packets (SPD or non-SPD) received from that interface are dropped when the interface has more than the input hold queue limit of input packets floating somewhere in the router.
In the configuration:
Host | -----------LAN | | Active Standby | | net net
The standby router will do proxy arp reply even though it's not active. This is because the active router may not reply if the next hop is through the LAN. When the standby router replies it puts the virtual MAC address in both the ARP field and in the MAC layer field.
If the active and standby routers are on different ports on a switch, the switch learns the virtual MAC address from both of them and may thrash its MAC layer cache.
The workaround is to disable proxy arp.
NAT will only translate the first address entry in an NBNS group name response message. Other group name address entries will not get translated and therefore the NetBios client will ONLY be able to reach the first group address host. Since it would be using an Inside Local address from the outside for the other members of the NBNS group name.
With sync and certain topologies, some bgp routes may not get advertised after peer reset. The workaround is to configure "no sync", or "clear ip bgp x.x.x.x".
Encrypted TCP sessions are pausing when passing over an MPP bundle as soon as two or more members in the bundle become active. This behavior can ONLY be observed when building a TCP session between hosts on the LAN interface of two routers connected via encrypted MPP. Current workaround is to switch off fast-switching on the LANs.
The router will not handle TCP flows according to qos weight defined after a reload or wr mem/conf mem.
When using a kerberized telnet to communicate between two cisco routers, the credentials may not be forwarded.
If a loopback interface is configured, then later unconfigured, and afterwards an Interface Processor is On-Line Inserted or Removed (OIR'd), the following symptoms may occur:
1) A syslog message is logged to indicate that the previously unconfigured loopback interface is up. However, the loopback interface is not actually up. This is simply an incorrect console message. No workaround is needed.
2) show ip route connected lists the previously unconfigured loopback. There is a connected route for an interface that should not exist. This symptom has been seen only once and cannot be reproduced. The only known workaround for this symptom is to reload the router.
When doing a encrypted kerberized telnet to a router, the initial setup goes fine, but garbage output results when decryption of packets from the router occurs on the client side. No known workaround.
A clear vpdn tunnel for a tunnel using L2F Protocol, sends individual close packets for all L2F sessions (Mids), rather than a single close packet for the tunnel itself. The result is congestion on the WAN interfaces on the requesting peer. Simultaneously, the receiving peer is not able to keep up with the flood of multiple L2F close packets, resulting in dropped packets and interface throttles. Another side-effect is that the remaining Mids take a long time idle out and eventually close.
Router configuration autoinstall over Frame Relay link would fail with v12.0(0.7) and on. -- Autoinstall is to load router configuration file from a TFTP server at boot time when NVRAM has no configuration and user elects not to enter configuration from the console but to proceed with autoinstall. When the autoinstall accessing media to the TFTP server is Frame Relay, the function would fail. Older versions, like 11.3, 11.3T, etc. do not have this problem.
When configuring xot keepalives on the x25 route statements, the router might restart with following (decoded) traceback:
c3640-js-mz.113-6.1.symbols read in Enter hex value: 0x605FF664 0x605FF664:xot_update_keepalive(0x605ff644)+0x20 Enter hex value: 0x606094F8 0x606094F8:x25swt_verify_call(0x606092e4)+0x214 Enter hex value: 0x6060D880 0x6060D880:x25swt_process_incoming_call(0x6060d840)+0x40 Enter hex value: 0x6060D7CC 0x6060D7CC:x25swt_flagged_wakeup(0x6060d704)+0xc8
Under heavy usage conditions on an X.25 serial link, a Cisco router running translated X.25 to Virtual Async connections (PPP/IPX) might reload. This appears to be an infrequent occurrence. There is no known workaround.
VPDN does not support MS-CHAP. The workaround is to use CHAP or PAP.
This section describes possibly unexpected behavior by Release 12.0(1). Unless otherwise noted, these caveats apply to all 12.0 releases up to and including 12.0(1). For additional caveats applicable to Release 12.0(1), see the caveats sections for newer 12.0 releases. The caveats for newer releases precede this section.
All the caveats listed in this section are resolved in release 12.0(2).
Appletalk subinterfaces on SMDS return the wrong SMDS address when an AARP request is sent. The router returns the SMDS address associated with the first subinterface regardless of which subinterface is associated with the AARP request.
RTR will not be able to connect to Mainframe, if the modename is less than 8 characters.
A no traffic-shape group crashes router.
Starting in 11.3(5.1)T, a reverse-telnet connection that receives a telnet BREAK sequence will fail to send an rs232 BREAK to the associated async line. An outgoing telnet connection that receives a telnet BREAK sequence will also fail to output a BREAK condition, and this instance of the problem has existed for quite some time.
The APPN router may display a single conloser cp-cp session. This cp-cp session cannot be deactivated using the appn stop cp-cp command. As a workaround, stopping the appn link will clear this problem.
When control units are being removed by the router based on host or end device activity, show bsc command on the router crashes it. The "show bsc" accesses a linked list of control unit blocks to print information. While it is blocked for printing, some other process removes a control unit from the linked list, causing the "show bsc" routine to access a invalid memory location.
No known workaround.
If DLSw is configured to use TCP as the transport, and if the following conditions are met, a TCP packet coming from the peer could get stuck in the TCP buffers of the router.
There are no keepalives between the peers (like in an ISDN connection)
There is not heavy traffic between the peers using the DLSw pipe
A packet coming from the peer is 1 to 3 bytes in excess of the MSS (Maximum Segment Size) of the receiver
In this case, the receiving TCP does not give the assembled packet to DLSw until another packet comes down the pipe.
Workaround could be to adjust the MAXDATA (MAX PIU) of the end node to the value of (MSS-16) bytes (considering 16 bytes of DLSw header) in case of SNA.
When running bisync on a branch router connected to an NCR5085 cash machine, under unusual conditions if a corrupted acknowledgment is received from the ATM XA machine, may see the input queue on the serial interface connected to the ATM machine get into a wedged state. If the serial interface is in this state, the show interface display will show the value of 'input queue' to be 75/75. A workaround to get the interface working again is to shutdown the interface and bring it back up. An additional work around to schedule the shut/no shut is to increase the interface input hold queue size by issuing hold-queue 150 in under the bisync interface.
This problem occurs on a Cisco 2600 running Release 11.3(5)T and configured for BSTUN/Frame Relay. A portion of the Frame Relay configuration disappeared and the encapsulation changed from Frame Relay to BSTUN with the show interface command. It causes the Frame Relay link to go down when the router is reloaded. There is no workaround.
An APPN router may reload with the following traceback error in the show stack log capture.
System was restarted by error - a Software forced crash, PC 0x601EED8C
Stack trace from system failure: abort(0x601eed84)+0x8 crashdump(0x601ed76c)+0x18 Pexit(0x608dc608)+0x88 LP_lpid_deallocate(0x608db3e8)+0x68 psp01b(0x608117b0)+0x9c psp00(0x60810b10)+0x230
An APPN router may reload with a SegV exception in psp00 after the following message is displayed in a rare race condition.
%APPN-6-APPNSENDMSG: APPN Allocate 613D1F8C to NETA.MVS1 timed out for TP "001.
System was restarted by error - a SegV exception, PC 0x606AE270
If ACTLU is sent to end-station for locaddr not yet defined it will send -ve response and LU will stay conct. When LU is added to end-station and VTAM sends ACTLU again, DLUR router does not forward ACTLU to end-station.
VTAM displays LU as PACTL, router display shows Starting.
The APPN router enlarges its lfsid table from a small model to a large model if greater than 12 sidls are active for a specific sidh. The large lfsid table requires substantially more memory.
CSCdk54687 increases the number of entries in the small lfsid table to the maximum number of sidl's which fit into this table. This requires no additional memory per link, but increases the number of sidls supported in the small lfsid table. Thus, in customer networks which typically support 17 LUs/PU, the APPN router may use significantly less memory.
DLUR routers will incorrectly update the max-btu-size for links to Type 2.1 nodes. CSCdk23271 introduced the capability of setting the max-btu-size from the host MAXDATA parameter.
Customer has APPN router attached to VTAM. CM/2 workstations defined as network nodes connect to the router but are treated as len connections by the router to allow the router to generate dynamic cpnames.
When ILU on the CM/2 attempts to connect to VTAM, the bind arrives at the router with an RSCV that terminates on the router. The router rejects the bind with 80040000 as the resource is not local to the router.
Workaround is either remove the len connection statement from the router appn port statement or to reconfigure the CM/2 as an end node.
After entering the command no distance eigrp 255 255, the inaccessible routes may not be restored to the routing table. Workaround is to clear ip eigrp neighbors on the interfaces of the affected routes.
A router running 11.3(3) IOS configured with a policy route map on a BRI interface may not forward packets to the next hop as specified in the set ip next-hop statement.
The following conditions must exist for policy routing to fail:
The ip policy route-map <name> is configured on a BRI interface
The destination exists in the ip cache table of the policy router
Workaround it to issue a clear ip cache command. Or remove fast-switching by issuing a no ip route-cache.
Netbios over TCP/IP port 139 is not getting translated.
Support for this feature is currently being added by development.
On a Cisco 2600 series router running the c2600-is-mz_113-3a_T1 image and the NAT protocol, NAT works until the translation table times out. Only a reload of the router every 24 hours resolves the problem.
Routers with equal cost (redundant) paths between two EIGRP neighbors may experience problems with redistribution of static routes with a specified next hop.
The problem is readily reproducible with the following config: interface Ethernet 0/0 ip address 126.96.36.199 255.255.255.0 ! interface Ethernet 0/1 ip address 188.8.131.52 255.255.255.0 ! router eigrp 1 network 184.108.40.206 redistribute static ! ip route 220.127.116.11 255.255.0.0 18.104.22.168
Note: This problem only affects redistribution of static routes with a nexthop specified and equal cost links with the nexthop on one of the links.
The interface connected to the same net as "nexthop" must come up *after* the redistribution in oder to see the problem.
The problem can be corrected with a clear ip route * command
DVMRP prunes received over a point-to-point link other than a tunnel, are silently ignored when they are sent to a unicast address. Workaround is to build a tunnel with the DVMRP neighbor.
Work around is to shut/no shut on the interface, and not as described below:
"clear ip route <net>" will remove a connected route from the routing table which will not be properly reinstalled. This is a regression introduced in 12.0 by CSCdk01482
A workaround is to do a "clear ip rout *" if the net is lost.
If received update has as-path loop and/or any other bad attribute (e.g. bad nexthop) when running under soft reconfig inbound, the clean copy of the paths are left around (received-only). This will bring back the denied path if clear neighbor soft in was issued and might alter path selection.
DNS A RR responses will be dropped by NAT, if the packet is going from NAT outside to NAT inside and, the inside source mapping has an access-list which permits any and, the embedded IP address is an OUTSIDE GLOBAL address. This works fine till 11.3(4) and 11.3(4)T.
If you have demand circuit (including virtual link) and external LSAs on a router, the router will crash within 20-25 minutes.
The only workaround is to not use demand circuit and virtual links.
DNS NS records that have glue records translated have the ttl of the glue records set to 0. The ttl of the NS record is not set to 0. Thus the DNS server will have a NS record for a DNS zone but no glue records. The next time the DNS server needs to contact the remote DNS server it will fail because it has a NS record cached but no ip address to reach it.
Removal of a static route pointing to the NULL interface (or loopback), can cause EIGRP instability.
If "ip pim send-rp-announce" command is configured when a router runs out of memory, the router may crash. The workaround is to de-configure this command if the router is known to be at risk of running out of memory.
A crash may occur if the distribute-list out command is configured with isis as the routing protocol. For example:
router <protocol> distribute-list <acl> out isis
This crash can occur when configuring any ip routing protocol.
The distribute-list command does not work with isis, so the specification of isis routing protocol in the distribute-list command is invalid. The crash occurs because the invalid input is not handled correctly.
Workaround is to avoid specifying isis routing protocol when configuring distribute-list out.
If both telnet sessions are encrypted and kerberized, then the telnet2 console may receive garbled characters. The commands entered in this session will take effect on rtr2, but their output is illegible.
Configuring Bisync (encapsulation bstun) with ASCII character (bsc char-set ascii) on the first port of a serial WIC (1T, 2T or 2A/S) in WIC slot 0 of a 2600 series, only the first character of each frame will be received, and the BSTUN tunnel will not get established. This only affects Bisync mode when configured with ASCII character set. Other encapsulations are not affected, and using the EBCDIC character set with Bisync works correctly.
The problem is that for the first serial port in WIC slot 0, the parity detection is not configured correctly for Bisync in ASCII mode. The first character of each frame is generating a parity error which causes the receiver to discard the frame after the first character received.
A work-around for this is to use a different serial port: either the second serial port (port 1) on a 2T or 2A/S WIC in WIC slot 0 or any serial port in WIC slot 1. If you have only one serial WIC, moving it from WIC slot 0 to WIC slot 1 will fix this problem.
If you are using NFAS with a backup D-channel and the primary D-channel goes down, modem calls might fail to be accepted into the access-server. Enabling the debug modem csm command displays the "dchan_idb state is not up" error message.
A router will crash right after the user configures an S/T BRI interface into the 128k leased-line mode. This is known to happen in 11.3(6).
The fix is in 12.0(1) and *post* 11.3(6).
There is no known workaround now.
CBAC fails to create the dynamic ACLs to allow the establishment of FTP data channels if the FTP client sends a command terminated with a single carriage return character (instead of carriage return and linefeed characters). The symptom of this problem is that the commands that require the exchange of port (in order to set up a data channel between client and server) like ls, get and put hang.
The cablelength configuration command for the CT1 module is missing in the Cisco 2600 platform for Release 11.3T.
The symptom of the this problem appears when the commands shut then no shut or clear int bri are issued to a BRI interface on the MBRI-NM. Once the command is issued, the ISDN D-channel layer 2 will not come up. The ISDN layer 2 shows that it attempted to send a line set up frame but the other end will not respond correctly. This is because the interface is hung and no more frame will be transmitted out.
The only work around for this problem is to not issue these commands. If the interface needs to be reset then the router needs to be reloaded.
This is a problem for MBRI-NM on the c2600 platform only.
If an interface is configured for both "nat outside" and crypto, all incoming packets targeted at the router are forced to the crypto engine, regardless of whether or not they are (or should be) encrypted. All non-encrypted packets are then dropped by the crypto engine.
When the link(s) between redundant ATM ARP-servers breaks, the ARP-servers keep trying to contact each other to repopulate the arp cache.
Due to excessive signalling, the CPU load on the routers and ATM switches can rapidly reach 99%.
The workaround is to use only one arp server or to put them on very stable links
When running Tag Switching and CEF on an Ethernet interface, it is possible for the interface to get into a state where the IP packets are not forwarded properly.
The problem occurs when a CEF entry is improperly pointing at a Tag data structure. To check whether this is the problem, do
show adjacency detail
for the next hop on the failing route. In the failure case, the packet counts on the "IP" adjacency will not be increasing, but those on the "TAG" one will.
Workaround: Disable Tag switching on the interface.
On run from flash systems, executing copy flash tftp incorrectly invokes the flash load helper code.
In some situations, ftp file transfers fail due to an internal error.
This problem causes the Explorer bit in the TRISL header to be set for Non-Specific Routed (NSR) Frames. Normally, the Catalyst 5000 and 3900 ignore this bit for NSR, but sometimes it causes some problems. For the specific case in the customer setup, IP pings for NSR frames fail at times.
If a crypto map is applied to a dialer interface, dialer pools are used, and a dialup interface (e.g., BRI) is used as the physical interface, then when that dialup interface is unbound from the dialer, it may cause a system reload or mis-alignments. A workaround is to not use dialer pools.
On VIP interfaces where CEF is required to run crypto, this bug only affects the VIP connection setup. This bug prevents the connection setup initiation from the VIP side if the packet is self generated. With this bug VIP encrypt/decrypt will still work once the connection is setup. To get around the VIP connection setup failure when the VIP interface is connected to a peer router that is not a VIP interface, the user can try to initiate the connection from the peer router. After connection setup, pinging from both sides will get encrypt/decrypt properly.
On non-VIP interfaces, this bug will cause the packet to go out in clear. The user has to turn off CEF switching.
Note that this bug only affects self-generated packets, in the real world environment we usually have packets forwarded to a router for encryption; in this situation, the packets will take a different path and will not be effected by this bug.
POET Output drops at low data rates w/ 2 PAs in VIP2. The use of a sub-rate POET interface together with a full-rate POET on the same VIP, Vip2, or VIP2-50 will cause the full-rate POET to drop outbound packets. This occurs with an externally clocked sub-rate POET. There is no workaround except to move the sub-rate POET or clock the sub-rate POET at 44.726 Mbps.
Also see CSCdj86266 for a similar problem with HSSI interfaces.
Generic traffic shaping is not working on the Ethernet interface of a Cisco 2600.
The router might reload when using the default state-table or no state-table commands. Workaround: Avoid using these commands. Also, confirm the existence of a particular state-table before deleting it.
When trying to configure a multipoint ATM-DXI interface, the router will only allow one atm-dxi map statement per VPI. For instance, if two atm-dxi pvc are defined on a multipoint interface (VPI/VCI 0/50 and 0/51) the router will only allow one atm-dxi map command for VPI 0.
The error: "Address already in map" appears when the second map command is entered.
If an ATM PVC is deleted on a point-to-point interface and a new PVC is created, and the new PVC has a different VCD than the old, CEF will drop packets that should be transmitted on that interface. The interface configuration commands no pvc followed by pvc will produce this behavior, as will no atm pvcvcd followed by atm pvcdifferent-vcd. This can be corrected by issuing shutdown followed by no shutdown for the affected interface.
When the PA-A3 has physical layer errors at the 96th 15 minute stats report interval, a memory overrun error will occurs.
Router gets memory allocation failures. Customer has enough memory to run this image, however memory allocation failure occurs.
Router was running out of memory due to SAP general request storm(s).
If IPX EIGRP is configured, please refer to CSCdk44590 also.
When using IPX EIGRP incremental sap updates (RSUP) the server tables between two or more eigrp neighbors may become inconsistent. Specifically, the problem may occur when as few as three dozen servers go away at the same time, while the routes to those services remain in the routing table and if there are multiple EIGRP neighbors or paths to a neighbor. The "down" flash update for some of the recently downed servers isn't being sent out all interfaces, so some devices have the servers removed and others do not.
Workaround is to clear the ipx eigrp neighbors on the unit which shows these servers remaining in the table.
Router gradually loses memory when running IPX EIGRP with "ipx sap-incremental..." commands configured on its interface(s). The memory leak occurs when SAP general requests are received on the IPX interfaces with "ipx sap-incremental" configured. By default, "ipx sap-incremental" is ENABLED on non-LAN interfaces which are configured for IPX EIGRP.
It is most evident by doing show proc mem and seeing the growth of the "Holding" memory by the "IPX SAP In" process:
PID TTY Allocated Freed Holding Getbufs Retbufs Process 44 0 14265416 201472 8360984 21924 0 IPX SAP In
Also, memory is being allocated to large number of "IPX SAP PH", "IPX NDB PH", and "IPX USV" as shown by the command show memory summary:
X25 to TCP translation done with an autocommand telnet optioned to eliminate echo seen on the TCP side causes the router to crash upon doing a wr m or wr t. The command in the test case is: translate x25 1234567891 pvc 4 autocommand "telnet 22.214.171.124 9000 /noecho."
When using vty-async interfaces, a new connection may be closed immediately after being accepted on the vty (under rare circumstances).
Bug appears due to coding error in ISDN combined with DT's NET3 switch sending out an invalid AOC IE.
Voice over IP calls cause the router to reload if PPP Multilink is enabled on the BRI interface. Workaround: Force a UDP checksum on the dial peer or remove the PPP Multilink.
MS Callback server functionality in Cisco Access Servers is not working with configurations involving Async/ISDN interfaces configured with Dialer Profiles.
When the SERVICE messages are exchanged with the routers for ISDN PRI interfaces and the B-channels are transitioned from Out-of-service state to In-service state, the B-channel count does not get updated. This can prevent the router from dialing out & accepting incoming voice/modem calls. The remote callers get fast busy.
There is no workaround available.
DDR with dialer dtr does not reset DTR to a down state after an unsuccessful call attempt. Unsuccessful in this case means that DDR is triggered, DTR is raised, but the modem/TA attached to the serial port never connects so that DCD does not come up.
This can be verified by viewing show dialer to ensure that the dialer state is idle, and then show interface serial x to check the state of DTR.
This problem does not seem to occur in 11.1 release of software.
Router running 11.3(5.2) with APPN and ATM configured may experienced software forced crashes with the following trace:
Frame-relay SVC failed on multipoint subinterfaces.
This problem is caused by an unintialized protocol address on the frame-relay SVC code.
There is no workaround.
The incoming call does not route the called and calling NSAP facilities on the outgoing side.
The AAA software has a memory leak. This will occur when AAA and Radius/Tacacs+ are configured. This was introduced in 11.3(5.1).
A workaround is to configure 'aaa accounting update periodic X' at startup time. Set X to a large number to avoid lots of periodic update accounting records.
The multilink max-links command does not work for L2F projected interfaces. This also applies for AAA user profiles which use the "max-links" TACACS+ attribute or Port-Limit and Ascend-Maximum-Channels RADIUS attributes.
Router may crash when command show dialer is executed while calls are connecting and disconnecting.
This will cause router IO memory to leak when data-traffic is pounded on the ISDN D-channel (running PPP over X.25) and it's deactivated.
The router may reload when exiting a PAD connection. The problem is introduced in IOS interim 11.3(6.3) software.
Under some circumstances, X.25 switching may reload the router.
One example is when a Call is switched to an XOT destination which is then Cleared (i.e. when no Call Confirm was received).
The Cisco 2600 series of routers with ISDN configurations -- both Basic Rate ISDN (BRI) and Primary Rate ISDN (PRI) interfaces -- can reload with a watchdog time-out when the ISDN interfaces are active/operational.
This problem occurs only on Cisco 2600 series routers running IOS release 11.3(6.2)T and beyond, 12.0(1) and 12.0(1)T.
There is no work-around for this problem.
Enabling IP Multicast prevents LANE from populating multicast mac addresses. As a result, it prevents ip routing protocols from working properly on LANE interfaces. The work around is to disable IP Multicast.
The following sections describe the documentation available for the Cisco 2600 series routers. Typically, these documents consist of hardware installation guides, software installation guides, Cisco IOS configuration and command references, system error messages, and feature modules, which are updates to the Cisco IOS documentation. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online only.
The most up-to-date documentation can be found on the Web via Cisco Connection Online (CCO) and the Documentation CD-ROM. These electronic documents might contain updates and modifications made after the hard copy documents were printed.
These release notes should be used in conjunction with the documents listed in these sections:
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. These documents are shipped with your order in electronic form on the Documentation CD-ROM, unless you specifically ordered the printed versions.
Each module in the Cisco IOS documentation set consists of two books: a configuration guide and a corresponding command reference. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Each configuration guide can be used in conjunction with its corresponding command reference.
To access these documentation modules on CCO, follow this path:
Table 7 details the contents of the Cisco IOS Release 12.0 software documentation set. The document set is available in electronic form, and also in printed form upon request.
Note The most current Cisco IOS documentation can be found on the latest Documentation CD-ROM and on the Web. These electronic documents might contain updates and modifications made after the paper documents were printed.
To access the Cisco IOS documentation set on CCO, follow this path:
Configuration Fundamentals Overview Cisco IOS User Interfaces File Management System Management
Bridging and IBM Networking Configuration Guide
Bridging and IBM Networking Command Reference
Transparent Bridging Source-Route Bridging Token Ring Inter-Switch Link Remote Source-Route Bridging DLSw+ STUN and BSTUN LLC2 and SDLC IBM Network Media Translation DSPU and SNA Service Point SNA Frame Relay Access Support APPN NCIA Client/Server Topologies Cisco Mainframe Channel Connection Airline Product Set
Dial Solutions Configuration Guide
Dial Solutions Command Reference
Dial-In Port Setup Dial-In Terminal Services Dial-on-Demand Routing (DDR) Dial Backup Dial-Out Modem Pooling Large-Scale Dial Solutions Cost-Control Solutions ISDN X.25 over ISDN VPDN Dial Business Solutions and Examples
Cisco IOS Interface Configuration Guide
Cisco IOS Interface Command Reference
Interface Configuration Overview
Network Protocols Configuration Guide, Part 1
Network Protocols Command Reference, Part 1
IP Addressing IP Services IP Routing Protocols
Network Protocols Configuration Guide, Part 2
Network Protocols Command Reference, Part 2
AppleTalk Novell IPX
Network Protocols Configuration Guide, Part 3
Network Protocols Command Reference, Part 3
Apollo Domain Banyan VINES DECnet ISO CLNS XNS
Security Configuration Guide
Security Command Reference
AAA Security Services Security Server Protocols Traffic Filtering and Firewalls IP Security and Encryption Passwords and Privileges Neighbor Router Authentication IP Security Options
Cisco IOS Switching Services Configuration Guide
Cisco IOS Switching Services Command Reference
Switching Paths for IP Networks Virtual LAN (VLAN) Switching and Routing
Wide-Area Networking Configuration Guide
Wide-Area Networking Command Reference
ATM Frame Relay SMDS X.25 and LAPB
Voice, Video, and Home Applications Configuration Guide
Voice, Video, and Home Applications Command Reference
Voice over IP Voice over Frame Relay Voice over ATM Voice over HDLC Video Support Universal Broadband Features
Classification Scheduling Packet Drop Traffic Shaping ATM QoS SNA QoS Line Protocols
Cisco IOS Software Command Summary
Dial Solutions Quick Configuration Guide
System Error Messages
Debug Command Reference
1This book will not be available until January 1999.
The Cisco Management Information Base (MIB) User Quick Reference publication is no longer being published. For the latest list of MIBs supported by Cisco, see the Cisco Network Management Toolkit on Cisco Connection Online. On CCO, use the following path: Software and Support: Software Center: Network Management Products: Cisco Network Management Toolkit: Cisco MIBs.
For service and support for a product purchased from a reseller, contact the reseller. Resellers offer a wide variety of Cisco service and support programs, which are described in the section "Service and Support" in the information packet that shipped with your product.
Note If you purchased your product from a reseller, you can access CCO as a guest. CCO is Cisco Systems' primary real-time support channel. Your reseller offers programs that include direct access to CCO services.
For service and support for a product purchased directly from Cisco, use CCO.
For helpful tips on configuring Cisco products, follow this path on CCO:
Software & Support: Technical Tips(button on left margin)
"Hot Tips" are popular tips and hints gathered from Cisco's Technical Assistance Center (TAC). Most of these documents are also available from the TAC's Fax-on-Demand service. To access Fax-on-Demand and receive documents at your fax machine, call 888-50-CISCO (888-502-4726). From international areas, call 650-596-4408.
The following sections are provided from the Technical Tips page:
Field Notices---Designed to provide notification of critical issues regarding Cisco products. These include problem descriptions, safety or security issues, and hardware defects.
Hardware---Technical Tips related to specific hardware platforms.
Internetworking Features---Tips on using and deploying Cisco IOS software features and services.
Sample Configurations---Actual configuration examples complete with topology and annotations.
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information,productdocumentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.
For a copy of CCO's Frequently Asked Questions (FAQ), contact email@example.com. For additional information, contact firstname.lastname@example.org.
Note If you are a network administrator and need personal technical assistance with a Cisco product that is under warranty or covered by a maintenance contract, contact Cisco's Technical Assistance Center (TAC) at 800 553-2447, 408 526-7209, or email@example.com. To obtain general information about Cisco Systems, Cisco products, or upgrades, contact 800 553-6387, 408 526-7208, or firstname.lastname@example.org.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.