Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S

This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S.

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.10S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.10S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S10

Status

Fixed

 

Caveat ID Number
Description

CSCut26305

CSR1000V: next reload license level is NOT working.

CSCuu13476

Cisco IOS and Cisco IOS XE Software TCP Denial of Service Vulnerability

CSCuv59457

Exposed username and password in log when EPC export fails

CSCuv90519

Map doesn't get updated with socket change on local address change

CSCva19023

CFD: Router or Switch Crashes When PNP Configures VTY Line Due to Stale CSB

CSCvc07577

Crash in BGP due to regular expressions

CSCvf36269

Cisco IOS and IOS XE Software Plug-and-Play PKI API Certificate Validation Vulnerability

CSCvf84295

Memory leak in IPSEC key engine process

CSCvg39082

Cisco device unexpectedly reloads after TCP session timeout

CSCvh66033

IKEv2 - Crash with segmentation fault when debugs crypto ikev2 are enabled

CSCvi93528

PI IOSd reload due to call-home at kex_dh_hash conn pointing to eem

CSCvj23301

IOS: Crypto Ruleset fails to get deleted

CSCvj77686

7600 router with IPSEC3/SSC600 leaks VRF info

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.9S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.9S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S9

Status

Fixed

 

Caveat ID Number
Description

CSCsv05154

Cisco IOS HTTP server vulnerable to CSRF attacks

CSCui67191

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol DOS Vulnerability

CSCun88463

Router reload due to memory corruption with IP SLA

CSCuo87952

Line card FPD upgrade struck, and card FPD status in 'wait' state.

CSCus34406

dmvpn tunnel goes down when removing secondary ip from tunnel source int

CSCus73337

stack stby reloaded by stack-mgr due to active/stdby config out of sync

CSCut45453

icmpv6 reply are blocked

CSCuv80858

byte counters for a port-channel show interface is inaccurate

CSCuw73525

3650 DHCPv6 Guard does not block rogue DHCP server to provide IPv6 addr

CSCux24141

MET mis-programming results in unwanted multicast after switchover

CSCuy14110

CPU Spike seen due to VTEMPLATE BKG OW Process.

CSCuy38144

Protocol Other counted up when executing "show int accounting"

CSCva18762

IGMP packets looping between Active & Standby SP CPU

CSCvb14640

Cisco IOS and Cisco IOS XE Software IPv6 SNMP Message Handling Denial of Service Vulnerability

CSCvc54886

Asr1k(SPA-1XCHSTM1/OC3): Router down after receiving invalid spa ipc-message

CSCvd01613

DSCP value get remarked on the ES+ 10g line cards

CSCvd02153

Router crash due to mpls/ospf config on interface.

CSCvd19860

OSPFv3 AUTH breaks IPv6 traffic intermittently

CSCvd42785

Multicast forwarding when OIF is Null in 7600

CSCve48453

eBGP vrf next-hop setting behaviour is changed by CSCuv07111.

CSCvf12081

Cisco IOS XE Software Verbose Debug Logging Information Disclosure Vulnerability

CSCvf29111

7600 stack low crash

CSCvf74829

CRL download fails due to "failed to create getcacert message"

CSCvf81579

ASR1K: IOSd crash in kmi_initial_check on null map dereference

CSCvg00110

MET table depletion in 7600

CSCvg06443

VPNMAP table depletion in 7600

CSCvg09008

Online Diagnostics detected a Major Error

CSCvg53836

router crashed when MPA with source vlan 1-4094 created

CSCvg84667

Mishandling of udp pkts (that are destined to RP) at 7600 ES+ NP, when BFD is hardware offloaded

CSCvh02536

XE3.16.6B-ES: pmsi_tunnel label value seen as explicit null on downstream PE

CSCvh21686

ES+HD (76-ES+XT-8TG3CXL) LC ports sharing a channel stop forwarding when a port is admin shutdown

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.8S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.8S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S8

Status

Fixed

 

Caveat ID Number
Description

CSCvc48365

ASR1000-6TGE/2T+20X1GE:- Chunk corruption in XLIF pending process

CSCvc89102

ASR1000 doesn't send PPP ECHO Reply

CSCvc91743

Platform does not trigger license release when the port moves into error disable state

CSCvb61075

ASR920: Dual-rate EEM errors out when hostname has a dot '.' character

CSCvc89965

After reload route policy processing not re-evaluate with route-map using match RPKI

CSCvc58538

BGP crashes when removing advertise-map

CSCuw35828

crash w/BGP show advertised-routes when route-server is on vrf

CSCvd90251

Duplicate BGP prefixes are not dropped

CSCvd09584

eVPN PMSI VNI decoding / encoding as MPLS label

CSCvd16828

High CPU due to periodic route refresh to VPN peers using rtfilter AF

CSCva86436

no export ipv4 unicast map triggered router to crash

CSCva24325

NSF/SSO feature not honouring TCP MSS

CSCvc31517

Router crashes using BGP commands for long cost extended community string

CSCve51657

Slow convergence with scale after a core link flaps

CSCvd43437

Wrong Source IP Selection for eBGP in EVN/VNET environment

CSCve57697

Crash in Bstun SNMP code

CSCut87808

Crash While Accessing CallManager XML Config

CSCuz87695

SCCP Phones on CME not forwarding video packets on outbound calls

CSCux18010

Cisco Networking Services Sensitive Information Disclosure Vulnerability

CSCuw77959

1801M - %DATACORRUPTION-1-DATAINCONSISTENCY: copy error

CSCva00899

C841M crashes randomly during execution of the reload EEM script.

CSCvb59372

Double-free of VTY context causes a software-forced crash

CSCux15954

EEM : fatal condition error from operating system

CSCvc98571

EEM applet will not release the Config Session Lock if it ends when CLI is in configuration mode

CSCva42638

Traceback is seen when a EEM script runs

CSCvc44866

3850/3650 - ssh/vty sessions lock up leading to loss of access to device

CSCut77951

Arp entry changes to an encap type of 802.1Q

CSCvc77378

Glare condition exists for mid call DO INVITE when CUBE receives in-dialogue SIP OPTIONS message

CSCva80218

IOS-XE router crashed due to possible memory leak issue due to CCSIP_SPI_CTRL

CSCvb08960

ezvpn client config dissapears from dialer int when pppoe session flaps

CSCve10917

IPSec crash on ASR1k router while processing KMI

CSCvd40880

Modifying crypto ACL leads to a removal of crypto map config

CSCvb94392

Cisco IOS and IOS XE System Software SNMP Subsystem Denial of Service Vulnerability

CSCuz15131

dqueue not empty prior to destruction crashes ipv4fib_les_switch_wrapper

CSCvd97524

Fixed versions for CSCuz15131 crash when traffic with maximum size is on wire

CSCvb25357

NHRP registration requests failed after ipv6 tunnel source change

CSCvb65892

ISDN process crashed unexpectedly

CSCve60376

Crash in ADSL DMT SNMP code

CSCvc15923

L2TP Account accuracy: SSS disconnect ACKs are not received for few sessions

CSCvb41889

NTP leap second inserted every day after leap second occurs

CSCuw97889

Incorrect CLI output after netconf edit-config

CSCuz95908

Memory leak due to path querry with Null outgoing interface

CSCva38391

CVE-2016-1550: NTP security against buffer comparison timing attacks

CSCuz94245

IGP-LDP sync interoperability for OSPF multi area adj

CSCuv69650

OSPF Virtual-link using the lowest cost path

CSCut21950

3560 / RBAC / Unable to exclude enable command.

CSCuv04247

3850 config-sync failure on standby w/ 'no shut' on wlan

CSCuw53025

Cat3850 reports "Error, ECI has run out of event blocks" message

CSCus23013

show cmd under "parser view include-exclude" cause standby router to reload

CSCuz22162

Digital certificates does not sync to standby

CSCva66819

Non-Vlan1 did not get initiated with pnp startup-vlan conf after reload

CSCuw60955

non-vlan1 doesn't seem to initiate in Beni-MR3

CSCux52544

PnP Fails to Initiate with Non-VLAN1 Feature Configured

CSCuw15272

PNP: non-vlan 1 zero-touch upgrade does not work

CSCut25533

PnPA: non-vlan CLI should only apply to newly bootup devices

CSCvc71183

ASR1K ESP100 - Both ESP crashing due to cpp_bqs_srt_yoda_place_child_internal: failed to grow tree

CSCvd70453

Changing speed and negotiation causes crash

CSCvc86594

cpp_cp process crashed cpp_bqs_srt_yoda_destroy_tree

CSCvc83373

cpp_cp process crashes due to sw wdog expiring while creating a queue

CSCvd68301

Crash when interface with multiple tunnels sourced comes up

CSCvc80135

Crash when removing and re-adding bandwidth remaining percent while class-default has fair-queue

CSCvd23034

Multiple Parent Events Per Node lead to a crash

CSCvc56422

XE316:NIM serial interface flaps after soft OIR with traffic

CSCuy08656

SNMP Traps leading a leak in CHUNK functions

CSCve60402

Crash in Voice DNIS SNMP code

CSCve21448

multiple ISR4K VGW's crashed with Segmentation fault(11), Process = DSMP

CSCvb97638

CCSIP_SPI_CONTROL memory usage leads to crash - SIP subscribe messages

CSCvc99971

Cisco Router 2921 sending cisco-rtp payload 121 for RFC2833 (rtp-nte) instead of 101.

CSCvc86595

HTTP 304 response causes mc error and bad magic

CSCvc95168

ASR1001-X 1G GigE Ports do not Link up with RevB L1 PHY

CSCve29367

Packet drops seen between AppNav 694 and ASR1001X

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.8S

All open bugs for this release are available in the Cisco Bug Search Tool.

 

Caveat ID Number
Description

CSCux26195

"aaa accounting suppress null-username" not working as expected

CSCvd69608

Asr1k crashes at PPP process on pushing 4 or more per-user static ipv6 routes

CSCve54313

Crash in ALPS SNMP code

CSCty45891

ASR1k RP2 punt/keepalives triggered crash due to Tx err

CSCux37457

Power supply status stuck on either "ps, fail" or "ok"

CSCvc06453

As1k @ CFM traffic frames being sent with 2 dot1q tags

CSCvf11991

cpp-mcplo-ucode crash when layer 2 switching packet

CSCve25878

ASR1001-X: dot3StatsDuplexStatus gives unknown for tengig and gig interfaces

CSCvc39443

router may crash with ZBFW ACL modification

CSCuz16934

PfRV3: Unexpected big byte lost report with NBAR based QoS integration

CSCux93176

ASR1k:stby RP stuck while bootup

CSCuz90934

ASR 1001-X VLAN Errors Incrementing Continuously with No Traffic

CSCuw97842

Standby RP crash at be_ancp_get_dsl_line_attrs

CSCva00765

crash after no ipv4 multicast multitopology command

CSCvc68496

Discrepancy in number of ACEs in active and Standby after CoA

CSCun31438

Abnormal Call Disconnection due under load due to DP errors

CSCux41072

EIGRP sending hello messages with interface in passive mode.

CSCvb86484

wrong EIGRP redistribution statement in startup config breaks BGP settings atfer router reload

CSCuv74256

IOS: HMAC key miscalculated with DH Group 21 and IPSec PFS enabled

CSCve13491

Router might crash due watchdog when creating a new swidb at if_index_allocate_index

CSCva55916

CUBE crash in resolve_sig_ip_address_to_bind NULL ccb

CSCuv08835

IPSEC key engine process leaks /w dynamic crypto map in scaled scenario

CSCuv14856

WATCHDOG timeout crash during IPSEC phase 2

CSCuv51788

GM Router failed to register after reload.

CSCup84620

"show crypto isakmp stats" should print dropped IKE messages

CSCup90021

IKEv1 periodic DPDs sent per IPsec SA, not per IKE

CSCvc21452

ASR903:ISIS routes are set with Max Metric due to IGP LDP Sync

CSCvc82325

Crash after the MPLS LDP neighbor flap in the NSR scenario

CSCvf21718

ASR1K crash when running 'show ip nhrp vrf... detail'

CSCvc65670

NTP leap second addition/deletion for consecutive leap months not working properly

CSCuz62898

Crash in BGP due to regular expressions

CSCva58151

ASR1K-ESP100 crash when a link with tunnels go down

CSCvb09881

IWAN NBAR may cause a reload with pa_offset_to_addr

CSCvf24928

QFP exmem memory leak in cpp_fm_sce_result_chunk

CSCva47695

Entry leak in the SID_CAM leading to SID_CAM_OVERFLOW

CSCuy21483

ISR4451-X Crash at cpp_dsp_get_stream_stats

CSCuv02537

ASR1K ESP200 reload in a B2B CGN NAT scenario with PAP+BPA

CSCve37593

ASR1K ESP crash when creating QoS bind

CSCux93752

SRST Double Ringback heard on blind transfer to PSTN

CSCuv74171

crash on command "show snmp view"

CSCux86075

Unexpected crash during SSH operation

CSCvb72458

Router repeatedly crashing with "%UTIL-3-TREE: Data structure error"

CSCuu71299

MPLS LDP flap with %TCP-6-BADAUTH: No MD5 digest

CSCve66658

Crash in TN3270E-RT-MIB code

CSCva08142

IOSd crash on LISP enable router

CSCva00551

Cisco Router may crash on SIP MA Process Due to sstrncpy()

CSCuz72665

DATACORRUPTION-1-DATAINCONSISTENCY error when copying from PAI header

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7aS

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7aS

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S7a

Status

Fixed

 

Caveat ID Number
Description

CSCvc95168

ASR1001-X 1G GigE Ports do not Link up with RevB L1 PHY

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S7

Status

Fixed

 

Caveat ID Number
Description

CSCvb30256

ASR1000-2T+20X1GE: More than 1Gbps traffic is reported on 1GE port

CSCvb49832

ASR1k-ELC- XCVR disabled after router reload and interface is down

CSCva23372

L2-EoGRE:fman-fp crash when config VE instance with untagged encap

CSCuz75265

ASR1k: "sh plat software peer interface-manager rX" missing some info

CSCux68796

IOS-XE Router - High CPU When Handling get-next on "entStateStandby" MIB

CSCuz22379

ASR1001-X "mcpcc-lc-ms" process high CPU

CSCvb36753

Ingress Unicast traffic not received on the BDI.

CSCvc48813

BQS unable to resume processing leading to pending objects constantly increasing

CSCvb16588

idx out of range cpp_qm_event_sch_data

CSCvb76638

POLARIS 16.4: fman_fp and cpp_cp core files seen with L3VPN profile

CSCvb54111

VPDN sessions unablle connect with "Dataplane down" error

CSCvc08848

CPP DRV: QFP memory initialization failure

CSCuv71273

ASR 1000 Series Aggregation Services Routers Data-Plane Processing Denial of Service Vulnerability

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S

All open bugs for this release are available in the Cisco Bug Search Tool.

 

Caveat ID Number
Description

CSCup82655

flow record output not seen correctly after applying input ACL deny TCP

CSCux98943

Padding for PPPoE over ATM should not be added for accounting

CSCut70443

"request platform software console attach" command improvement

CSCuz33638

%IOSXE-4-PLATFORM: R0/0: kernel: EXT2-fs warning:

CSCtw74124

ASR1002-X/SIP-40G/ASR1001-X:sh plat..plim buf set:Fill Status Max:Not fn

CSCuz57513

ASR1K x86 based cards not logging ECC SBE errors to OBFL

CSCul33598

ASR1k: Disable PEMs sensor polling on Standby RP

CSCvb17224

cman_fp memory leak is seen on ESP

CSCuy74157

IOS-XE: 2KP/1NG espbase,sip info is not present in sh ver running

CSCux37457

Power supply status stuck on either "ps, fail" or "ok"

CSCui45088

ASR921:Link flaps on changing the IP for mgmt interface

CSCut87081

Broadcast counters issue for managment interface for incoming pkts

CSCvc06453

As1k @ CFM traffic frames being sent with 2 dot1q tags

CSCut01865

XE315:Packet drop@MaxTu in Nightster

CSCuy59471

erspan supports configure flexible mac for the wan interface

CSCvb26643

RP crashed due to memory corruption while packet processing.

CSCvc39443

router may crash with ZBFW ACL modification

CSCum53365

[AVC] SNMP indx can't be retrieved from uidb data-structure

CSCvb79182

IPSec GRE tunnel path-mtu-discovery does not work

CSCuy33103

incoming frame from AC is punted even though l2tp session is down

CSCus11391

ASR1k/3.10.2 : MLPPP packets incorrectly marked out of order and dropped

CSCux68942

"debug platform software infrastructure punt mma" enhance for lost seq

CSCuz16934

PfRV3: Unexpected big byte lost report with NBAR based QoS integration

CSCun90447

FNF: Bad values reported for IPv6 BGP nexthop for MPLS PE egress monitor

CSCuz67795

Polaris: different probing behavior with probe reduction between ISR/ASR

CSCux93176

ASR1k:stby RP stuck while bootup

CSCur48133

ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error

CSCue01951

Scrambling settings to be configurable from the CLI

CSCvb77495

ASR1K: Unexpected router reload after receiving invalid SPA IPC message

CSCva22194

ASR1002X - 6XGE-BUILT-IN module has inconsistent interface state changes

CSCuz03682

Router with ambiguous second vlan stops forwarding after config changes

CSCuz84374

SPA modules on ASR1002-X show "missing"/"out of service" under show platform

CSCuz90934

ASR 1001-X VLAN Errors Incrementing Continuously with No Traffic

CSCur95967

TB @fpd_ver_info_resync_resp_message_unmarshal during SSO on ASR1001-HDD

CSCuu66094

%INFRA-3-INVALID_GPM_ACCESS_INFO wiith multiprotocol traffic on IWAN BR

CSCus53913

AppNav: Tunnel MTU results in fragmentation after Tunnel interface flap

CSCva15146

Tunnels created by AppNavXE should not be visible via SNMP

CSCud67560

Rotate Command for Trace files does not rotate PMAN Logs on FRU

CSCum25373

XE310/XE314, FW: traceback is seen when firewall is configured

CSCvc71183

ASR1K ESP100 - Both ESP crashing due to cpp_bqs_srt_yoda_place_child_internal: failed to grow tree

CSCva58151

ASR1K-ESP100 crash when a link with tunnels go down

CSCvc86594

cpp_cp process crashed cpp_bqs_srt_yoda_destroy_tree

CSCvc83373

cpp_cp process crashes due to sw wdog expiring while creating a queue

CSCvc80135

Crash when bandwidth remaining percent <#> is removed then re-added to a class-map

CSCuo65747

ESP-100/200: Fair Queue not applied correctly adding to existing policy

CSCup40814

ESP-100/200: Fair Queue not applied correctly adding to existing policy

CSCvb09881

IWAN NBAR may cause a reload with pa_offset_to_addr

CSCva47695

Entry leak in the SID_CAM leading to SID_CAM_OVERFLOW

CSCuy21483

ISR4451-X Crash at cpp_dsp_get_stream_stats

CSCup32534

ASR 1001-X - Crypto throughput threshold messaging changes and errors

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6bS

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6bS

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S6b

Status

Fixed

 

Caveat ID Number
Description

CSCvc95168

ASR1001-X 1G GigE Ports do not Link up with RevB L1 PHY

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S6

Status

Fixed

 

Caveat ID Number
Description

CSCuz17963

plogd tracelogs getting generated causing high cpu in plogd process

CSCuz34766

ASR1000-2T+20X1GE GE ports cause CRC errors when connected to some LCs

CSCux44606

Name ACL for Multicast Boundary Stops Working Upon Reload

CSCux66017

ASR1K crash due to "SNMP engine" when polling ifEntry on sonet interface

CSCuz43112

EFP deleted when unconfig otv overlay interface and then config back

CSCux74788

ASR1002-X: Memory leak in IOSD: acl-handle

CSCus35015

PFR - 'set trigger-log-percentage' not showing in config

CSCux12259

pfrv3: pkt drops as "disable pkt" b/c encap value 0X00000013 in asr1001x

CSCuw81295

Ping fails on ASR 1001X when Cu SFP is replaced by Optical SFP

CSCuu17470

XE314:1NGPacket drop Built-In interface configured with EVC and xconnect

CSCuz55555

"On ASR1k,Traffic rate getting effected due to qos policy.."

CSCva17867

ASR device is crashing on adding interfaces to AVC through Webui

CSCva49319

CPP Crash when flapping qos and interface speed on Yoda or Tunnel w/qos moves to vlan w/qos

CSCuw11097

ASR one way audio due to incorrect provision by FMAN-RP

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S

All open bugs for this release are available in the Cisco Bug Search Tool.

 

Caveat ID Number
Description

CSCva23372

L2-EoGRE:fman-fp crash when config VE instance with untagged encap

CSCuz16934

PfRV3: Unexpected big byte lost report with NBAR based QoS integration

CSCur48133

ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error

CSCuz90934

ASR 1001-X VLAN Errors Incrementing Continuously with No Traffic

CSCuo65747

ESP-100/200: Fair Queue not applied correctly adding to existing policy

CSCup40814

ESP-100/200: Fair Queue not applied correctly adding to existing policy

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5aS

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S5a

Status

Fixed

 

Identifier
Description

CSCuz54836

ASR1002-X with harddisk installed stuck in crash and reboot cycle

CSCuz65079

SIP40: Support for new revision MPC8548 Rev.E CPUs

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S5

Status

Fixed

 

Identifier
Description

CSCuw89522

ASR IOSD crash because of AVC feature

CSCuw13407

PfRV3: transport bytes expected counters overflow and not expected

CSCuv79776

Router with Pfr feature crashed at cpp_free_exmem

CSCuw30599

ISR4331-B: traceback occured when enabling Ethernet Data Plane Loopback

CSCuv84600

Netflow packets are dropped when EPC is enabled

CSCux29703

ASR1000-2T+20X1GE fails to boot on router reload with SPA-3-NULL_BAY_PTR

CSCuu48458

ASR1k/15.4(3)S QinQ frames are dropped under "TCAM Failure Drops"

CSCux55692

TCAM Errors in NL11k TCAM of Fixed Ethernet Linecards

CSCuw98135

ZBFW HA not replicating sessions when matching based upon L4 proto/port

CSCuw21897

Traceback seen with ip cef accounting

CSCux57066

ASR1K : Lawful Intercept not working as expected for IPv6 traffic

CSCux02656

ASR1K: Crash related to collecting NetFlow data for IPv6 flows

CSCuw36887

Crash with with Flexible Netflow enabled

CSCuw78755

IOS-XE need not require appxk9 license to support per-tunnel DMVPN QoS

CSCup91567

ASR1001-X boot-loops with CMCC crash and XGM MAC10 block errors

CSCux01133

interface counter stuck on build-in interfaces in ASR1001X

CSCux43951

Packet drops on built-in 1Gig ports of ASR1001-X

CSCuv26762

ASR1001X HMAN generating error msg when reading /proc/cpuinfo

CSCux42411

ASR1001-X Frame Relay with Fortitude NIM fails due to LMI packet padding

CSCuv93130

Cisco IOS-XE 3S platforms Series Root Shell License Bypass Vulnerability

CSCup70353

IOS-XE router reload due to WebUI log file leak

CSCuw49798

ASR1K: cpp_cp_svr core@cpp_qm_cmn_delete_queue

CSCuw94014

cpp_cp crashes with BB profile #6 48k PTA

CSCut49714

GEC:QoS: pkt buff util high after apply/remove flat policy w/ fair-queue

CSCuw81487

Kahuna RP crash when bringing up PTA sessions with QoS

CSCuw73223

Polaris : cpp_cp_svr crash when the interface goes down

CSCux10321

ASR1000 CLI hangs on executing the "show platform hardware qfp xxx"

CSCud50181

SBC srtp ucode crash doing srtp-rtp interworking

CSCuu45832

STUN packets not handled properly by CPP SBC module in ASR CUBE

CSCuw71226

Call stuck in a deactivating state (CUBE-SP)

CSCut78545

delegate registration failed after password change

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S

All open bugs for this release are available in the Cisco Bug Search Tool.

 

Identifier
Description

CSCty45891

ASR1k RP2 punt/keepalives triggered crash due to Tx err

CSCux44606

Name ACL for Multicast Boundary Stops Working Upon Reload

CSCux33568

ESP crash while reconfiguring FR interface to MFR bundle

CSCux07224

ASR1K crash with OTV due to L2BD FIB entry change

CSCux59115

ASR1002-X Crash with dpidb_tableid_params_initialize

CSCux93176

ASR1k:stby RP stuck while bootup

CSCur48133

ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

 

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S4

Status

Fixed

 

Identifier
Description

CSCuu50189

ASR1K reported %LSMPI-4-INJECT_FEATURE_ESCAPE for PPPoE data packet

CSCuu13292

ASR1k ucode crash at ipv4_esf_portbundle_forus

CSCuv46318

ESP100 cpp_cp_svr crash issue due to invalid stats_sbs_entry data

CSCuj15099

ISG doesn't preserve PBHK port maping in lite to dedicated sesssion

CSCuv52648

ESP memory leak under cpp_cp_svr due to BFD feature

CSCuu55787

ASR1001-X: Router fails to come online with No Service Password Recovery

CSCuu30999

Asset ID write not working on pluggable spa of Nightster

CSCut82336

ASR1002-X: Handle leap second in ToD IN

CSCut65374

PTP Leap Second: ASR1002-X incorporate leap second addition 6/30/15

CSCuu14809

Byte counters display incorrect value for multicast traffic over sub-int

CSCur24793

l2protocol forward not work for STP, LLDP, PPTPv2 and E-LMI in EVC

CSCuu85007

split-horizon group communication failure

CSCuo77017

tcam resource has not been released after 32k efp deleted

CSCuv91545

ESP continuous crash on ASR1013 using 03.13.03.S.154-3.S3-ext.bin

CSCuu12008

rework CSCut21885: chunk_destroy memory leak.

CSCut66894

evsi session fail to come up using multicast on all the virtual-access

CSCut91647

GETVPN on IOS-XE: GM incorrectly drops packets due to TBAR failure

CSCuu26053

Incorrect SPD ID in show platform software ipsec fp act flow id

CSCup14212

IOS-XE: IPv6 GETVPN dropped after un-configure then re-configure VRF

CSCty26186

Enhancement request to capture watchdog reset on asr1k

CSCuu72025

Multiple ESP Core on ASR1006

CSCuu97063

Syslog trap support with IPbase license for ASR1k platforms

CSCuv44159

MCP FME: skip jitter calculations for RTP dynamic payload types

CSCus86476

ASR1K NAT ALG ucode crash @ipv4_nat_destroy_addrport_bind

CSCur44103

ASR1k: Port leak while using NAT with interface mappings

CSCut63804

CPP crashed when device in pair became active

CSCuu82192

NatGatekeeper performance degraded

CSCuu27197

ASR1K 1NG: set platform software trace doesn't show IOMD in nightster

CSCut74937

ASR1K PBR VRF Selection not working when source is local router

CSCut09922

cpp_cp traceback from qos cpp_qm_rm_tree_obj_add

CSCut65811

Fair-queue with byte-based qlimit will not display q-depth correctly

CSCuv74763

ASR 1K - SSH Hangs on "Show Logging Count" When SBC Errors Flood Console

CSCut77070

SPA-1xCHOC12/DS0 not supporting Framed E1 connections.

CSCuu03930

RPcrash while booting with 3.13.2IOSXE after SPA-4XCT3/DS0-V2 insertion

CSCuv37192

ASR1001X duplex mismatch when connected with ISR4331

CSCut03205

SPA modules on ASR1K show "missing" under show platform output

CSCuv30194

crash at wccp stats handler

CSCuu09050

asr1001x may crash when unconfiguring large QoS policy

CSCuu92634

ASR1K:FP100: cpp_svr core file seen with uws_wan_xe311 profile

CSCuv05361

cpp_cp_svr crash on AR1K

CSCut99067

ESP crashed desc:CPP Client process failed: cpp_cp

CSCuu60301

ESP100 crash because of hardware interrupt

CSCuv09985

ESP100 crash if interface is going up/down CPPHA-3-FAULT: F0: cpp_ha

CSCuu24757

ASR1k QFP leak with cpp_sp_svr at module FM CACE

CSCuu57229

ESG: Packets are not getting Policed in expected class

CSCut41377

OSPFv3: 2nd interface inbound traffic drop by IN_V6_POST_INPUT_POLICY_FA

CSCut72639

ASR1k CPP crash with IP Options

CSCuu75584

cpp ucode crash related to Nat config changes

CSCur77743

ICMP packets generated by the router are wrongly NATted

CSCuv56368

dpss: dynamic class add/delete will cause router malfunction

CSCuv25212

ucode crashes with Fair Queue and FNF export is configured

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S

All open bugs for this release are available in the Cisco Bug Search Tool.

 

Identifier
Description

CSCuw41346

ESP packets discarded during re-key with static NAT on ASR1k

CSCup57389

Traffic drops while testing VRF Lite coexistance with SP NAT for LNS

CSCur48133

ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error

CSCup91567

ASR1001-X boot-loops with CMCC crash and XGM MAC10 block errors

CSCuu14810

LNS Setup Rate takes over one hour for 58K sessions (copy of CSCut20591)

CSCuv36911

ASR1K active CGN ESP200 may crash when the CGN standby realoded

CSCuv02537

ASR1K ESP200 reload in a B2B CGN NAT scenario with PAP+BPA

CSCuv82003

Router crash on updating/deleting route-map for static NAT

CSCuw36887

Crash with with Flexible Netflow enabled

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S3

Status

Fixed

 

Identifier
Description

CSCut68825

PFRv3: unexpected byte loss reported due to TCP packet flow out of order

CSCut68598

ASR 1000 BFD randomly down at NAT configured interface

CSCut22976

ASR 1000 crash during monitor capture export FTP

CSCus71003

ASR 1002-X - Kernel crash - general protection fault

CSCus70057

Obsolete OTV route entries not deleted from TCAM

CSCut81614

OTV non-AED wrongly replies to ARP request received from internal intf

CSCut50228

ASR 1001-X ping loss with peer ASR1000 at fixed speed 10M

CSCus28745

POS FRR issue with traffic loss around 1 sec instead of 50ms

CSCut34273

ASR 1000, “unknown” process leak under cpp_cp_svr

CSCut41061

ESP crash with monitor capture and debug platform-trace

CSCur69109

VXLAN Entropy Feature Support

CSCut48055

ESP100 periodically crashes with hardware interrupt

CSCut64644

ASR 1000 goes to crash after TCAM messages appearing

CSCut41684

ASR 1000 crash due to CCM_ACK interupt

CSCut92345

XE3.13: Traceback@cpp_ha_oor_svr_throughput_req_msg_hdlr during bootup

CSCut03813

ASR 1000 ucode crash seen at mpls_icmp_create

CSCut83522

Ultra CRPG simulation intermittently broken by CSCut03813

CSCut56117

ASR NAT timeouted out sessions not cleared.

CSCus00801

ASR1002-X CPP crash while processing ICMP is unreachable

CSCus66974

ASR 1000 QFP ESP 200 crashed in a B2B CGN NAT scenario with PAP+BPA

CSCur31425

ASR NAT: PPTP ALG: Incorrect UNNAT of Peer-Call-ID in Outgoing-Call-Reply

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S

All open bugs for this release are available in the Cisco Bug Search Tool.

 

Identifier
Description

CSCut82336

ASR1002-X: Handle leap second in ToD IN

CSCut65374

PTP Leap Second: ASR1002-X incorporate leap second addition 6/30/15

CSCut21885

fman_fp_image and cpp_cp_svr memory leak - QFP PfR MP Prefix H.

CSCup57389

Traffic drops while testing VRF Lite coexistance with SP NAT for LNS

CSCut20591

LNS Setup Rate takes over one hour for 58K sessions

CSCut03205

SPA modules on ASR1002-X show "missing" under show platform output

CSCuu24757

ASR 1000 QFP leak with cpp_sp_svr at module FM CACE

CSCuo51601

ISR 4400 - Traffic incorrectly forwarded through class class-default

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(3)S2

Status

Fixed

Identifier
Description

CSCus32530

ASR 1000 Series Routers, ESP crash in internal L4R removal feature routine

CSCuq75633

BFD down sent from ASR5500 is not recognized by ASR 1000, still sending UP

CSCur53837

ASR 1000 Series Routers: SIP can't be re-enabled with 'no hw-module slot X shutdown'

CSCuq43357

ASR 1000 Series Routers - Y1731 Frame Delay Measurement is broken

CSCur70037

ASR 1000 Series Routers-Frames>1518 not dropped by QFP with default MTU config on Gig port

CSCun32287

SW: ASR1002-X ifHCInOctets can decrease before wrapping around

CSCus03277

ASR 1000 Series Routers: Ucode core file seen with EVC L2 Bridging in MCP_DEV

CSCuq70681

Host DB timer corruption causing firewall crashes on ASR 1000 Series Routers

CSCuq31464

IOS-XE 3.13S "fman_fp_image" Kernel memory leak due to “fw-zone-pair”

CSCur09782

XE3.13 ZBFW bulk sync to bypass self-zone sessions

CSCur46422

ASR 1000 Series Routers - Uncomment the POST for 3DES, AES

CSCur27466

WebUI in IOS-XE: evaluation of SSLv3 POODLE vulnerability

CSCuq85115

ASR 1000 Series Routers enable “ip cef accounting non-recursive” cause fman_rp crash

CSCur09918

ASR 1000 Series Routers: RP2 kernel crash

CSCuq88560

ASR CPP crashes due to stuck thread interrupt

CSCur09725

ASR 1000 Series Routers crash when loading Nbar pp version 10.0

CSCuq66758

ASR 1000 Series Routers - CPP ucode crashes on configuring OTV

CSCur60943

Crash on ASR with OTV configured is related to internal timer function

CSCur00747

ROMMON Upgrade rolled back

CSCur35347

ASR1002-X “SBC File Daemon Crash”/High CPU during hard disk log delete

CSCun62047

ASR 1000 Series Routers: Cleanup tracebacks seen while testing CEoP SPA-24CHT1-CE-ATM

CSCup67354

ASR1001-X PLIM errors displayed during boot up

CSCur46656

3.10.4S-UNIX-EXT-SIGNAL: Segmentation fault(11), Process = IOSD ipc task

CSCur54411

Fman fp crashes when VFI name length exceeds 21

CSCur49432

pe bdi interface cannot support ipv6 for the remote CE

CSCuq91599

ASR 1000 Series Routers: WCCP pending-ack in fman-wccp caused standby-fp reload every 1 hr

CSCuq68961

Update IC2M test harness to support AES KW algorithm validation testing

CSCuq36627

WAAS Express: Failed to create SSL session. (no available resources)

CSCul23249

Appnav PT statistic show wrong number after addition and removal of SN

CSCuq67023

SN group isn't getting removed from context in specific scenario

CSCur35923

Output MPLS conditions do not match

CSCur67418

packet-trace: EXP value in MPLS condition packet output might be wrong

CSCuq80765

500 internal server error occurs while updating

CSCur12414

ASR ANAT Hold-Resume IPv4-IPv6 one way audio

CSCur64006

CUBE crash in local_xcode_rtp_xmit similar to CSCui55556

CSCur12550

CUBE hangs SIP sessions when redirect IP2IP is configured

CSCur59627

CUBE has stuck/stale TCP socket opened by SIP TLS application

CSCur59399

CUBE intermittently fails to release SUBSCRIBE

CSCur13285

CUBE: Router crash seen at sip_mpa_free_event_info function

CSCuq85189

Incremental chunk leak seen at ccsip_debug_compute_hdr

CSCur54389

SRTP-RTP Call with HOLD/RESUME disconnected

CSCus13757

TLS socket read and hung DSP issues with Alert followed by FIN

CSCuq35431

DMVPN DHCP functionality is broken when Hub acts as DHCP Server

CSCur24855

Disable GETVPN optimization on 154.3M

CSCuq17828

ASR: Radius Accounting fails when using EDCSA certs

CSCur73327

IKEv2 - AAA IPv6 route set local installed in wrong VRF

CSCur23619

IKEv2 reconnect radius accounting stop should mention termination cause

CSCup09848

[Mang] Traceback seen during call connect

CSCuo81912

SSTE: Unable to remove performance-monitor once the interface is deleted

CSCur07571

Processor memory leak with MRCP_Client at cc_api_get_call_active_entry

CSCuq25008

Route/tunnel recursion leads to STACKLOW and crash

CSCur10058

IOS PKI: CRL parsing may fail if HTTP content-length is not specified

CSCuq74176

PKI IOS removed valid CA certificate before expiry date

CSCur46638

XE3.10+ Flapping ATM interface or VC may cause small memory leak

CSCuq77467

ipcstats- Internal inconsistency: counter would go negative

CSCuq99660

Tracebacks observed during FPSO

CSCul79546

GEC pactrac: show fia-traced packet has unexpected unformatted output

CSCur33915

ASR1000 Series Routers QFP crash due to stuck thread

CSCur17355

ASR 1000 Series Routers crash due to SRTP when Fax T38 Protocol is configured

CSCur44075

AC ICE+ ver <= 4.0 Client unable to connect to XE SSL Headend {CSR 1K}

CSCun89616

IOS does not properly respond to TLS 1.2 client hellos

CSCur78846

"%Error: this command line only supports VoIP and POTs dial-peer"

CSCuq99173

Conditions experienced parsing H225 packet may cause crash.

CSCuq23360

H323 GW plays ring wcvgsback after H225 connect for PRI calls

CSCur21757

Memory leak *Dead* = AFW_application_process and QSIG-rose

CSCur16675

VXML gateway Crash @ms_handle_stream_timer

CSCus02640

SPA-DSP shows "out of service" after an IOS upgrade

CSCur12978

Multicast MOH stops working after one call

CSCuq88060

"no transport udp" is getting removed from "sip-ua" after reloading ASR

CSCur19344

Cannot start timer on "CCSIP_SPI_CONTROL" process

CSCuq54871

Crash seen when forwarding of SIP MWI as qsig MWI. 15.2M is NOT affected

CSCur31540

MMOH Over SIP CUBE does not work when there is an H323 call on hold

CSCur94272

sip_get_sipspi_message memory leak in CCSIP_SPI_CONTROL

CSCus00058

Invalid IP address is accepted as MTA send server

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S

All open bugs for this release are available in the Cisco Bug Search Tool.

Identifier
Description

CSCus32530

ASR 1000 Series Routers ESP crash in internal L4R removal feature routine

CSCuq67798

XE3.13 Mcast Service Reflection: IpFormatErr packet drop seen in KP

CSCuo77017

TCAM resource has not been released after 32K EFP is deleted

CSCus22393

ASR 1001 Routers- fman_fp_image crash in DMVPN environment

CSCus13106

Error in generating keys: no available resources

CSCuj55363

lispgetVpn traffic is dropped when getvpn profile is applied in WAN interface

CSCus15668

ASR 1000 Series Routers/03.07.06 forwarding delay has increased drastically with NAT

CSCup57389

Traffic drops while testing VRF Lite coexistence with SP NAT for LNS

CSCur32505

ASR100x SBC ucode crashes @ dlist_add_obj_to_rear

CSCus17320

SBC crash

CSCur48133

ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error

CSCus09942

ASR 1000 Series Routers Crash on ipv4_nat_ha_upd_to

CSCus00801

ASR1002-X Router CPP crash while processing ICMP is unreachable

CSCus10145

Forwarding Plane reloaded with scaled HTTP traffic running

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S

All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:

Field Name
Information

Product Series/Mode

Cisco ASR 1000 Series Aggregation Services Routers

Releases

15.4(2)S2

Status

Fixed

Identifier
Description

CSCur07193

ELC-40:Popinac Crash after CSCuq82536 commit when configured Portchannel

CSCuq05033

XE314: Memory Leak @ Exec

CSCup51926

NAT door creation may be possible getting failed

CSCuq97925

cpp_cdm: CPP crashed after oir CLC

CSCup48518

FTP ALG create incomplete token in case of EPSV passive

CSCup34928

RP crash when config and unconfig a service continuously

CSCuq86513

ASR 1k: Crash in packet classification

CSCuq14700

TDL message buffers memory leak

CSCuq63782

ATM VCs flap when under a large amount of traffic

CSCup88496

630748069 Serial interface MTU issue on ASR1006

CSCuj79520

PAP global address usage growing consistenly over time.

CSCup98776

ASR1K outbund SA creation failure & ESP not processing further requests

CSCun41391

FP crash on ASR1k after upgrade from 3.7.2S to 3.11.0S

CSCuq02069

CUBE-SP HA Calls Fail/High CPU if CRYPTO PKI command entered on Standby

CSCup32129

Auto-rp announce packets replication

CSCur00762

ASR1k - incorrect traffic classification after HW TCAM is exhausted

CSCul48593

Active FP crashed due to stuck threads @ipv4_nat_bpa_free_port

CSCuo61455

Crash in NAT with ALG enabled

CSCuq87715

multicast l2 head rewite via ppp half bridge interface

CSCuo61982

new platform specific command for uRPF loose sdrop counter increasing

CSCuq49527

ASR1k IOSD crash while configuring IPSLA with Y1731

CSCup54891

CPP crash due to race condition while release object

CSCuq05276

ASR1K CPP crashes in ipv4_nat_esp_remove_conn

CSCuq84284

IOS-XE crash while snmp polling cbQosMatchStmtCfgEntry with NBAR

CSCuq82536

ELC-40: Memory Leak when configuring MAC Filters on Port Channels

CSCuo99185

Multiple IOS-XE CPP Ucode crashes due to invalid static route

CSCuq91488

not punt BFD packet to RP even BFD state changed from DOWN to UP

CSCun92244

active router creates binds with same gaddr, gport for >1 lport

CSCuq24971

ASR1k ucode crash with pa_get_state on using aggregate port-channel

CSCuo97597

ISSU/MDR XE313->mcp-dev: %CMRP-3-SIP_MDR_FAIL:SIP MDR restart timed out

CSCuq09004

RP crashed with cpp_cp_svr crash in cpp_qm_event_insert_leaf_node

CSCuq90913

OTV: CPP ucode crash in l2bd_forward on BD cond. debug enable

CSCuq27271

fair-queue with time or byte based queue-limit encounters ucode crash

CSCuq54655

ASR1K: Ucode@PAR1_CSR32_PAR1_ERR_LEAF_INT__INT_PAR1_STEM_CB_SEL_INV_ERR

CSCuq13494

ASR1k-IPv6 Egress ACL Intermittently miss classifies and Drops ESP packets

CSCup5365

ASR1k qinq subinterface stats do not work on Port Channel

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S

All open bugs for this release are available in the Cisco Bug Search Tool.

Identifier
Description

CSCur24107

ASR crash at cpp_mutex_destroy

CSCuq26372

Tracebacks seen @ cpp_exmem_chunk_destroy in latest XE313 throttle

CSCup57389

Traffic drops while testing VRF Lite coexistance with SP NAT for LNS

CSCur09918

ASR1K: RP2 kernel crash

CSCuq67798

XE313 Mcast Service Reflection:IpFormatErr packet drop seen in KP

CSCuq43357

ASR1K - Y1731 Frame Delay Measurement broken

CSCup66865

hub MC BR channel status fail to sync

CSCur32505

ASR100x SBC ucode crashes @ dlist_add_obj_to_rear

CSCum80911

XE312: ESP100 TCAM limit exceeded: HW TCAM cannot hold with 2k tunnels

CSCuj55363

lispgetVpn traffic is dropped when getvpn profile is applied in wan intf

CSCuo77017

tcam resource has not been released after 32k efp deleted

CSCur33915

ASR1000 QFP crash due to stuck thread

CSCuq64148

dHuge pkt drops with CRC errors when ASR1001x connected to a 3925

Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S

This section contains the following topics:

Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S

This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S.

  • CSCto07376

Symptom: The device reload when we grant certificates. crypto pki server <> grant all

Conditions: This symptom is observed when configured for crypto

Workaround: There is no workaround.

  • CSCtz50465

Symptom: ISSU between incompatible images goes through.

Conditions: This symptom occurs for images between ISSU-break.

Workaround: There is no workaround.

  • CSCtz59512

Symptom: Call threshold counter on an interface is not cleared. Seen in the output of "show call threshold status" command.

Conditions: IOS voice gateway with interfaces enabled to use the Call Threshold feature. Call is established over an interface and routing changes cause the disconnect message to be received on a different interface on the gateway.

Workaround: Reload the gateway to clear it permanently. or If not over a gigabitethernet interface, issue the "clear call threshold interface <interfacetype> <port>" command to clear the call.

  • CSCtz97771

Symptom: During regular operations, a Cisco router running Cisco IOS release 12.4(24)T and possibly other releases experiences a crash. The crash info will report the following: %SYS-2-FREEFREE: Attempted to free unassigned memory at 4A001C2C, alloc 4180794C, dealloc 417616B0, %SYS-6-BLKINFO: Attempt to free a block that is in use blk 4A001BFC, words 134, alloc 4180794C, Free, dealloc 417616B0, rfcnt 0,

Conditions: This symptom is not observed under any specific conditions.

Workaround: There is no workaround.

  • CSCua58402

Symptom: On recieving 200 OK with PAI, the connected number sent on the ISDN leg is the original called number and not the phone number answering the call.

Conditions: When remote-party-id is dislabed under sip-ua

Workaround: Enable remote-party-id under sip-ua

  • CSCub72573

Symptom: encpas counter in "show crypto ipsec sa" may occasionly show incorrect value

Conditions: IPSec tunnels configured and used on the device

Workaround: There is no workaround

  • CSCue23898

Symptom: A Cisco router running Cisco IOS Release 15.3(1)T may crash with a bus error immediately after issuing the 'write memory' command. Example: 14:44:33 CST Thu Feb 14 2013: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x228B2C70

Conditions: This symptom occurs while updating the router's running configuration with the 'write memory' command. It has been seen while updating various different commands such as, those under 'call-manager-fallback' ip route statements interface sub-commands

Workaround: There is no workaround.

  • CSCue76929

Symptom: enhance crypto-engine packet drop cause

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCuf44203

Symptom: AFW memory corruption

Conditions: AFW process crashes, when Request URI or other header string is of size greater than 1k

Workaround: N/A AFW process crashes, when string retrieved from container is of size greater than 1k. Mempool is created with 1k chunk size. Refer to CSCue97118.The issue is resolved in sip stack for this scenario. However we may hit this issue in AFW for some other corner cases (stress tests).

  • CSCug72872

Symptom: Router outputting %SCHED-3-THRASHING: Process thrashing on watched queue 'Crypto IPC'. -Process= "Crypto IKMP", ipl= 6, pid= 360 followed by a traceback

Conditions: Was observed both on ASR and ISR during an OCSP revocation check for a revoked certificate during an GDOI registration. Might affect regular ISAKMP connections too.

Workaround: enabling path-mtu-discovery on the router with : ip tcp path-mtu-discovery has given good results.

  • CSCuh07579

Symptom: An ISR/ISRG2/ASR router configured in a DMVPN setup may fail to create SAs during a rekey or new tunnel establishment.

Conditions: This symptom is observed when the router is configured as a DMVPN hub or spoke.

Workaround: There are no known workarounds. Try reloading the router to recover from the failure state. (Please note: the router may still run into this condition after a reload).

  • CSCuh87195

Symptom: A crash is seen on a Cisco router.

Conditions: The device crashes with gw-accounting and call-history configured. The exact conditions are still being investigated.

Workaround: Perform the following workaround:

1) Completely remove gw-accounting

2) Disable call-history using the following commands: gw-accounting file no acct-template callhistory-detail

  • CSCuh89946

Symptom: Customer may see the following error messages: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level %SYS-2-MALLOCFAIL: Memory allocation of 80 bytes failed from0x5CEEBCC, alignment 0 Pool: Processor Free: 196745624 Cause: Interrupt level allocation Alternate Pool: None Free: 0 Cause: Interrupt level allocation -Process= "<interrupt level>", ipl= 3, pid= 147 %IPMCAST_RPF-3-INTERNAL_ERROR: An internal error has occured while obtaining RPF information (No memory available to create pathinfo for RPF lookup)

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCuh95602

Symptom: Self bound traffic dropped by firewall

Conditions: NAT64 is configured and traffic is sent from IPv6 client (in) to IPv4 egress interface of UUT (self)

Workaround: There is no workaround.

  • CSCui21549

Symptom: When CUBE received malformed form header it crashed

Conditions: Long form header cause cube to crash

Workaround: There is no workaround.

  • CSCui22204

Symptom: Below mentioned internal IEC error seen in CUBE logs. Jul 22 14:50:28.377 IST: %VOICE_IEC-3-GW: CCAPI: Internal Error (Invalid arguments): IEC=1.1.180.1.9.6 on callID -1 CUBE#sh voice iec description 1.1.180.1.9.6 IEC Version: 1 Entity: 1 (Gateway) Category: 180 (Software Error) Subsystem: 1 (CCAPI) Error: 9 (Invalid arguments) Diagnostic Code: 6

Conditions: This IEC error would be seen while processing incoming SIP REFER for call transfer along with local consumption of REFER ('no supplementary-service sip refer' CLI) i.e CUBE is consuming REFER locally and generating INVITE to transfer target.

Workaround: There is no workaround.

  • CSCui48606

Symptom: 3925 voice xml gateway crashed

Conditions: vxml configured: vxml tree memory 500 vxml version 2.0

Workaround: There is no workaround.

  • CSCui59927

Symptom: A memory leak is observed on a Cisco device due to IPSec which causes free memory to deplete to an extent where the device becomes unreachable.

Conditions: This symptom occurs when IPSec scaling is high.

Workaround: Reduce scaling of IPSec sessions.

  • CSCui70561

Symptom: Low performance for AVC 2.0 on ESP100 setup

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCui75238

Symptom: WIll see the memleaks when trying to use https application

Conditions: Leaks will seen only when trying to use https applications like webauth, web_exec etc over secure communication (https)

Workaround: Disable https(secure communication) and use http for http request.

  • CSCui80379

Symptom: Can not update audio file using the "audio-prompt load" command.

Conditions: Using the B-ACD TCL scripts and loading the audio files from the local flash.

Workaround: Reload router.

  • CSCui81336

Symptom: After reload of DMVPN spoke fails MM-Key Exchange. Hub will show CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from x.x.x.x failed its sanity check or is malformed

Conditions: 1921 IOS router Use the ; character at the beginning of the master encryption key. i.e. key config-key password-encryption <enter> new key:;cisco123 confirm key:;cisco123

Workaround: Change the key so that ; is not the first character. #key config-key password-encrypt Old key:;cisco123 New key:cisco123 Confirm key:cisco123

  • CSCui95762

Symptom: EoMPLS performance downgrade

Conditions: On RP1/ESP10

Workaround: There is no workaround.

  • CSCuj12588

Symptom: show crypto gdoi group <group-name> gm pubkey shows all groups instead of the group indicated in the command.

Conditions: GM has more than 1 group configured.

Workaround: There is no workaround.

  • CSCuj19293

Symptom: Bindings are present after unconfiguring Static NAT mappings

Conditions: static NAT mappings with route-map

Workaround: There is no workaround.

  • CSCuj20520

Symptom: GetVPN GM gdoi policy installation fails.

Conditions: This symptom is observed after reboot.

Workaround: Issue the command clear crypto gdoi after the reboot.

  • CSCuj28444

Symptom: ASR1K:fn_crl_checking: Failed to clear gms database from KS.

Conditions: ASR1K:fn_crl_checking: Failed to clear gms database from KS.

Workaround: There is no workaround.

  • CSCuj85340

Symptom: Enhancement request to improve datapath IPSEC debugs in XE3.11 and above

Conditions: Use of datapath IPSEC debugs

Workaround: There is no workaround.

  • CSCuj87392

Symptom: IPSEC event-tracer messages can't be used for troubleshooting since most of them have no contextual information avalaible [ peer ip or sesssion ID]

Conditions: Troubleshooting ikev2 networks by leveraging ipsec event-trace

Workaround: Uses ipsec debugs instead when ever it's possible

  • CSCuj91923

Symptom: After adding SCCP/DSPFarm configuration and reloading the router, the NMS device reports that a configuration change has occurred because the config is displayed in a different order. This causes false alarms on the NMS.

Conditions: -IOS router with SCCP and DSPFarm configurations -Tested on 15.1(4)M and later -Other IOS versions are affected too.

Workaround: There is no workaround.

  • CSCuj92813

Symptom: instead of triggering modem passthrough in srst mode modem relay is been triggered

Conditions: ios gateway runninbg 151-4M6 and modem passthrough configured for fax

Workaround: Remove the V.150.1 Modem relay configuration at VG2xx by configuring "no stcapp register capability <port>" and restart the SRST and VG2xx so that SRST does not remember the earlier MR capability of VG and it gets the fresh VG device capability which would be Modem paasthru with ?no stcapp register capability <port> ? configuration at VG.

  • CSCuj94274

Symptom: Crypto Routes not getting populated under proper heading

Conditions: crypto route must get populated in proper vrf headings

Workaround: There is no workaround.

  • CSCuj96595

Symptom: CUBE receives incoming SIP reinvite (due to SIP session refresh) and changes SDP version although there is no change in SDP attributes SDP version changes from 8863 to 8864

Conditions: Setup where this issue has been seen Rightfax - CUCM -- CUBE -- SIP SP

Workaround: There is no workaround.

  • CSCuj97103

Symptom: Hung FPI sessions

Conditions: When doing multiple call transfers with REFER

Workaround: There is no workaround.

  • CSCuj99605

Symptom: When a long very long Refer-To header is received, router crashes

Conditions: Long Refer-To header

Workaround: There is no workaround.

  • CSCul02583

Symptom: Payload verification failed for fax calls not received fax calls

Conditions: TGW is sending re INVITE due to not receiving fax

Workaround: Do not use trancoded call.

  • CSCul06522

Symptom: IOS routers can sometimes create duplicate IPSec SA pairs. This decreases platform scalability. Traffic flow is not affected.

Conditions: This was observed in IOS 15.2(4)M4, 15.2(4)M5, 15.3(3)M1. Other versions can be affected as well.

Workaround: There is no workaround.

  • CSCul17089

Symptom: Video call legs are not displayed when video call is active

Conditions: Issue is seen when 2 Phones are in a video call over SIP Trunk

Workaround: There is no workaround.

  • CSCul19668

Symptom: Crypto Map Leak seen

Conditions: Bring up a crypto session and delete it

Workaround: There is no workaround.

  • CSCul33043

Symptom: Unable to get a DSP resources for a Transcoded call.

Conditions: During mid-call when there is a change in codec or DTMF or Hold/Resume with SRTP-RTP call then this issue will be seen. This is applicable only with LTI transcoding.

Workaround: There is no workaround.

  • CSCul41263

Symptom: Midcall REINVITE is passed through when the UCM side puts a call on hold from a Video capable device.

Conditions: A video capable Device connects an audio only call via the ASR CUBE where the UCM facing dial-peers have " voice-class sip midcall-signaling passthru media-change" configured.

Workaround: If the calls routing via UCM to ASR CUBE does NOT require video capabilities, modify the SIP Trunk's Region settings on the UCM where it doesn't allow any video Bandwidth so the capabilities will never be transmitted to ASR.

  • CSCul46066

Symptom: Hung Calls with SIP SPI with Refer Consume Load

Conditions: Description: observing hung calls with Refer Consume CVP load test. Hung calls observed with SIP SPI Steps to reproduce: 1. Configure max connection with 3 Refer to Dial-peer & outbound dial-peer towards CVP. 2. Run Load with 1000 calls for few hours. CPS: 10 CHT: 100 secs Total Number of active calls : 750 Issue observed with max-conn with multiple dial-peers

Workaround: Use dial-peers without max-conn

  • CSCul48967

Symptom: After switch over to standby, IF-MIB count for cvCallVolMediaOutgoingCalls OID is less.

Conditions: After Switchover

Workaround: There is no workaround.

  • CSCul57003

Symptom: ELC MDR:%MDR-3-RESTART_FAILED: SIP1: mdr_cc_client.sh: Failed

Conditions: When one of the ELC in disable state

Workaround: There is no workaround.

  • CSCul65261

Symptom: write bus access failed with fpd upgrade

Conditions: FPD bundled upgrade

Workaround: There is no workaround.

  • CSCul68429

Symptom: FP crash while testing PPoE sessions

Conditions: Applying nat settings to CGN mode

Workaround: There is no workaround.

  • CSCul69060

Symptom: On configuring the telephony-service for the first time onto the router, IP phones do not register despite of the correct configuration on the voice gateway. We have also seen where after a restart the same issue occurs where the IP phones fail to restart however the gateway is configured correctly. This can also happen with SRST fallback using port 2000.

Conditions: Configuring Telephony-service for the first time on the router or after a router restart. Device tested with a 2901 and 2851 running IOS version 15.1(4)M6. IP phones can be any IP phone where they are trying to register on port 2000

Workaround: 1. Under 'telephony-service' run a shut/no shut and check that the port has been opened. OR 2. under "Telephony-service" run "no ip address.. " and then re-configure the same ip address again. run 'show control-plane host open-ports' and check for port 2000 and the IP of CME.

  • CSCul69623

Symptom: A PKI client (ASR router) fails auto renewal of the certificate if 'auto-enroll regenerate' is configured in the trustpoint.

Conditions: A router configured with a trustpoint that has regenerate enabled and a 'usage' key being used for the trustpoint.

Workaround: Remove the regenerate keyword.

  • CSCul69990

Symptom: when flapping mpls mldp with scale v4 setup, the lspvif interface disappears in "show ip mfib" output, and packets are dropped.

Conditions: mldp flapping.

Workaround: There is no workaround.

  • CSCul70801

Symptom: BADPAIR message generated.

Conditions: During DTMF interwork change

Workaround: There is no workaround.

  • CSCul72683

Symptom: Callers receiving general voice-mail greeting when forwarded to CUE voice-mail

Conditions: If one "voice register dn" is forward all, or, forward unregistered to another voice register DN that is also forward all or forward unregistered to CUE voice-mail, there is no Diversion header in the SIP INVITE to CUE. This results in CUE returning the general voice-mail greeting.

Workaround: There is no workaround.

  • CSCul77933

Symptom: The Shadow timer is not seen on the standby router. Even if we make the standby router active, the timer does not start.

Conditions: Two routers in HSRP configured as CA servers in redundancy with auto rollover configured as described in http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/configuration_guide__c07_621400.html

Workaround: In case the Standby router becomes Active, Auto-rollover would not work as the Shadow certificate generation timer is not seen on it. In such a case, we may manually rollover the CA server on the Standby router (now Active) to generate the Shadow CA certificate and the Shadow keypair. To manually rollover, run the command: "crypto pki server server_name rollover".

  • CSCul81353

Symptom: ASR1006 with RP2 running ES version based of Version 15.3(1)S crash with Segmentation Fault

Conditions: This symptom is observed after two weeks of uptime and during normal load condition.

Workaround: Workaround is to reboot the box to recover from the situation.

  • CSCul81777

Symptom: On an ASR1000 series router, the ESP can crash when packet trace is enabled.

Conditions: Conditional debug and packet-trace is enabled.

Workaround: There is no workaround.

  • CSCul83474

Symptom: ESP crash

Conditions: Seen when executing "no ip cef load-sharing algorithm include-ports destination" with high throughput about 10Gbps

Workaround: There is no workaround.

  • CSCul85526

Symptom: When we add multiple ports on the crypto acl on the primary KS the GM gets the acl without the ports. No syslog is generated on KS1 to show it does not support them and a new TEK is generated.

Conditions: Happens at all times.

Workaround: This is not a supported feature and it should not be used.

  • CSCul86249

Symptom:For MPLSoDMVPN/FlexVPN feature specific G-ACh (Generic associated channel) type number need to be allocated by IETF for NHRP. Currently an experimental number is used. A CLI will be provided to configure the G-ACh type number so that the same can be configured on the old routers when we have specific G-ACh type number allocated for NHRP. refer RFC5586 MPLS Generic Associated Channel

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCul86992

Symptom: 894X show UTC time instead of configured olson timezone. 894X SCCP phones uses tzdatacsv.csv and not tzupdater.jar as Olson timezone database but on configuring Olson time-zone CME updates the 894X phone configuration file with tzupdater.jar instead of tzdatacsv.csv. Sample erroneous configuration file for 894X: <tzdata> <tzolsonversion>2013g</tzolsonversion> <tzupdater>tzupdater.jar</tzupdater> </tzdata> <devicePool> <dateTimeSetting> <dateTemplate>M/D/YA</dateTemplate> <timeZone>Mexico Standard/Daylight Time</timeZone> <olsonTimeZone>Europe/Prague</olsonTimeZone> </dateTimeSetting>.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCul88528

Symptom: On a GETVPN KS (Key Server), if there is a registration interface configured for the GDOI group, then GM registration to that group will fail with the following log message reported on the KS: %GDOI-1-UNREGISTERED_INTERFACE: Group getvpn-grp received registration from unregistered interface

Conditions: A registration interface is configured on the Key Server.

Workaround: Remove the registration interface configuration from the Key Server.

  • CSCul89581

Symptom: Supervisor not able to monitor Agent conversation Remotely where CCE-CVP at higher version and RSM at 9.1(1)

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCul89998

Symptom: c3900 as RSVP agent crashed "%SYS-6-STACKLOW: Stack for process SCCP Application running low, 0/12000"

Conditions: IOS Image: 153-3.M1 CUCM Image: 10.0.1.10000-24 C3900 router configured as RSVP-Agent for CUCM feature e2eRSVP crashed under extended traffic load (3 days). The traffic was running at a rate of 250 concurrent RSVP sessions. Topology: Phone-A----------(Cluster-1)----------- SIP Trunk ------------(Cluster-2)--------Phone-B | | | | | sccp sccp | | | | | RTP------------(RSVP-Agent1)---------- IP/RSVP---------(RSVP-Agent-2)---- rtp Cluster-1 CUCM controls rsvp-agent-1 [c3800] Cluster-2 CUCM controls rsvp-agent-2 [c3900] --> Calls are made between Cluster-1 and Cluster-2 in both directions. Type of calls: Basic, and supplementary Services (Hold-resume, Transfers, Conferences)

Workaround: There is no workaround..

  • CSCul93169

Symptom: Handling and Printing Multiple subscribe messages, CUBE crashed.

Conditions: Handling and Printing Multiple subscribe messages

Workaround: Don't Enable Debugs

  • CSCul94606

Symptom: Standby CUBE crashed while handling Agent transfer.

Conditions: This symptom is observed when an agent transfers the call to another agent.

Workaround: There is no workaround.

  • CSCul96190

Symptom: MDR RECONCILE: Failed to complete WARM sync

Conditions: During ELC MDR

Workaround: There is no workaround.

  • CSCul96421

Symptom: Outbound calls over SIP trunk to provider fails.

Conditions: SIP IP phone (99xx) ------> CME ---------> SIP Trunk --------> ITSP Cisco IOS - 15.3(3)M and 15.4(1)T versions.

Workaround: Downgrade Cisco IOS version to 15.2(4)M.

  • CSCul96470

Symptom: CUBE crashed doing a "per-call shut".

Conditions: This symptom is observed when you configure CUBE for PCD buffer logging.

Workaround: There is no workaround.

  • CSCul96947

Symptom: Traceback appears on standby RP during SPA OIR

Conditions: T1 channels are configured. Then a random t1 channel is deleted and spa soft oir is done.

Workaround: There is no workaround.

  • CSCul97893

Symptom: In an IOS PKI HA setup, when the CA server is deleted on the Active router, the Standby router also prompts for confirmation, if logged in through Console. The following prompt is observed: % CA certificate, Keypair, CRL and database files will be deleted. Do you wish to continue? [yes/no]: Ideally, this should be seen on the Active router only. If the administrator is logged in through SSH or TELNET, the prompt is not seen and the CA server is not deleted on the Standby router.

Conditions: Two routers in HSRP (running 15.4(1)T or higher)configured as CA servers in redundancy as described in http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/configuration_guide__c07_621400.html and the CA server is deleted on the Active router.

Workaround: When deleting the CA server on the active router, log on to the standby router as well, and answer 'yes' on the Standby router.

  • CSCul98774

Symptom: ASR1K DSP MIB "cdspCardObjects" are not working after the RP2 switchover happens for various reasons.

Conditions: When RP switch over happens.

Workaround: workaround is to do a hw-module stop/start on the SPA-DSP cards.

  • CSCum00348

Symptom: Incorrect primary and Secondary Dial-tone

Conditions: Cptone DE is configured under FXS ports

Workaround: Step1: Router# test voice tone DE dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0 Step2: Router# test voice tone DE 2nd_dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0 Step3: shut the voice-port Step4: Unshut the voice port

  • CSCum00792

Symptom: Hung FPI session will be seen after agent answer and disconnect.

Conditions: Hung FPI session will be seen after agent answer and disconnect.

Workaround: There is no workaround.

  • CSCum01936

Symptom: IKEv2 SA does not come UP

Conditions: IKEv2 configured with Virtual-Template

Workaround: configure tunnel mode auto

  • CSCum03513

Symptom: 3905 SIP show UTC time instead of configured olson timezone. 3905 SIP phones uses tzdatacsv.csv and not tzupdater.jar as Olson timezone database but on configuring Olson time-zone CME updates the SIP 3905 configuration file with tzupdater.jar instead of tzdatacsv.csv.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCum03790

Symptom: Immediately after the 200 OK is sent in response to the Re-Invite the ITSP sends a BYE as they expected the origin version id to increment. The lack of incrementation cause the call to be torn down by the ITSP.

Conditions: This problem was observed in the following scenarios : - Switchover from voice to fax - Change in codec for voice calls SDP content-length size is different in initial outgoing Invite to perform call setup than it is in 200 OK response to an inbound Re-Invite which causes the origin (o=) version in the SDP not to increment. CUBE however sees the content-length sizes as the same size. Previous SDP content-length was 250, 399 was the current SDP content-length: SIP/Info/sipSPICheckForSDPModification: prev send SDP size = 399, curr send SDP size = 399 SIP/Info/sipSPICheckForSDPModification: prev send SDP and curr send SDP are same /SIP/Info/sipSPIHandleSDPOwnerVersionIDChange: SDP owner_version ID not incremented..

Workaround: There is no workaround.

  • CSCum04304

Symptom: Path-confirmation check failed on CUBE in DTMF_DO-EO scenarios

Conditions: Configure CUBE for dynamic pass through - DTMF in DO-EO scenario

Workaround: There is no workaround.

  • CSCum05299

Symptom: SIP phones not able to dial out when registered to CME 10.0 with IOS version 15.3(3)M1 With output "Ip Trust List Authentication failed for Incoming Request, method = INVITE" when debug ccsip all enabled in the router.

Conditions: Voice router running in IOS version 15.3(3)M1, with IP address trust list enabled (default configuration) under voice service voip

Workaround: *) Disable "ip address trusted authenticate" *) Add SIP phone IP address to IP trust list. *) Downgrade the IOS version

  • CSCum06516

Symptom: %CMCC-3-SIP_MDR_FAIL: SIP0: because ESI verification failed

Conditions: During ELC MDR

Workaround: There is no workaround.

  • CSCum08864

Symptom: When there is a policy change (either KS or GM) in Pre-PAL, the Cisco ASR 1000 router registers again. This is because in TCAM, SA cannot be inserted or moved. An ACL merge was done in the ACE driver, and reregistration was triggered from there. Post-PAL, ACL merge intelligence is moved to a control plane. ACL is changed and change flow priority occurs. The SA is inserted with second priority which cannot be handled by the device.

Conditions: This symptom occurs when an ACL changes on the KS or the GM.

Workaround: There are four workarounds: 1. Manually clear GetVPN registration on the Cisco ASR 1000 router using <CmdBold>clear crypto gdoi<noCmdBold>. 2. If permit ACL is appended to KS ACL or if ACL is removed from the bottom of KS ACL, then there is no flow priority change, and no issue is observed. The limitation with this workaround is that the group configuration on KS has only one SA. If "deny ACL" is added, a few packet drops are observed. 3. EEM script which monitors Rekey Syslog and clears the registration. This is the same as Workaround 1 but is automatically done. The disadvantage of this workaround is that Rekey syslog is same during normal rekey and policy change rekey. Hence reregistration occurs through normal rekey too. Sample EEM script: event manager applet GM_RE_REG event syslog occurs 1 pattern ".*GM_RECV_REKEY.*" action 10 syslog priority warnings msg "EEM trigger workaround for CSCum08864" action 20 cli command "enable" action 30 cli command "clear cry gdoi" pattern "Are you sure you want to proceed" action 40 cli command "yes" 4. The ACL is swapped on KS with the new ACL and Rekey is done. The Cisco ASR 1000 GM will reregister. A small packet drop during reregistration is observed.

  • CSCum15066

Symptom: Memory leak observed in CUBE for BWCAC call-flow

Conditions: This issue is observed when initial INVITE is rejected by CUBE due to BWCAC criterion.

Workaround: Not known at this point of time.

  • CSCum15364

Symptom: Router is getting crashed with basic call while MP4A-LATM codec is used.

Conditions: This symptom is observed when MP4A-LATM codec is used in the dial-peers.

Workaround: There is no workaround.

  • CSCum15704

Symptom: ipsec sas are not coming up for ezvpn split acl

Conditions: ezvpn with split interface ipsec sas do not come up

Workaround: There is no workaround.

  • CSCum18017

Symptom: FP Crashed for RTP-SRTP Call

Conditions: When RTP-SRTP call initiated.

Workaround: There is no workaround.

  • CSCum18033

Symptom: CUBE crashed when debugs enabled for srtp passthrough call

Conditions: With service log backtrace configured

Workaround: There is no workaround.

  • CSCum20746

Symptom: Key Server (KS) fails to send rekey & Group Member (GM) fails to process rekey when "clear crypto gdoi ks members" is executed on the KS after changing the IPsec ACL with Suite-B configured on the KS. Secondary KSs don't show any TEKs after changing crypto ACL.

Conditions: Key Server (KS) has Suite-B configured with a certain IPsec ACL. Change the IPsec ACL on the KS so that the new ACL has no overlapping entries as the old ACL and issue "clear crypto gdoi ks members" on the Primary KS.

Workaround: Issue "clear crypto gdoi" on the GMs to force their re-registration.

  • CSCum22661

Symptom: When a Peer sends a certificate with no CDP, the IOS PKI client will try to retrieve the CRL through SCEP [GetCRL] directed to CA, based on enrollment url value, however in case of enrollment profile [with a valid enrollment url], it complains that the enrollment url is not present

Conditions: IOS PKI Client configured with an Enrollment profile, which has enrollment url and authentication url to communicate with the CA using SCEP.

Workaround: a) configure the enrollment URL under the trustpoint directly instead of using it through enrollment profile or b) configure the CA to embed a CDP in the client certificates [an HTTP Server or SCEP URL]. Peer will need to be reenrolled afresh. SCEP URL looks like: crypto pki server IOS-CA cdp-url http://10.106.72.139/cgi-bin/pkiclient.exe?operation=GetCRL [Note: Before typing in ? next to pkiclient.exe in the URL above, type Ctrl V]

  • CSCum23619

Symptom: No counter to show the ATM VC IFM call out and response

Conditions: ATM VC IFM call

Workaround: There is no workaround.

  • CSCum24009

Symptom: Transfer scenarios fail with ANAT and VCC (No DSP) configured

Conditions: Issue is observed for DODO

Workaround: Apply DOEO configurations

  • CSCum26501

Symptom: cefcFRURemoved traps are not generating for different SPA Cards.

Conditions: While testing hard OIR on CISCO-ENTITY-FRU-CONTROL-MIB

Workaround: There is no workaround.

  • CSCum28569

Symptom: Called name not updated to the ephone

Conditions: Call Flow: CME -> INVITE CME <- 100 Trying CME <- 183 with no called name in RPID CME <- 183 with called name in RPID In such a scenario called name in not updated by CME.

Workaround: There is no workaround.

  • CSCum30814

Symptom: When SIP Gateway sends INVITE to CVP, no response is received and call fails. CVP logs report the following error: CVP_9_0_SIP-3-SIP_CALL_ERROR Exception in invitation: com.dynamicsoft.DsLibs.DsSipParser.DsSipParserException: No closing boundary found. for INVITE:

Conditions: This symptom is observed in the call Flow: PRI - > Ingress GW >> SIP >> CVP IOS: 15.1.4M3 CVP: 9.0.1 SIP Profiles applied to outbound dial-peer or globally with SDP header rule manipulation, regardless of whether the rule is applicable to the message or not. "signaling forward unconditional" configured under 'voice service voip' or inside the dial-peer SIP Gateway sends malformed SIP INVITE when "Content-Type: application/x-q931" has to be tunneled. The "--uniqueBoundary" is not properly closed causing interoperability issues with CVP. --uniqueBoundary Content-Type: application/x-q931 Content-Disposition: signal;handling=optional Content-Length: 48 ^B^AI^E^D^B^@^P^X^Da^@^C^B ^B.........................................................................................................................................................................................................................................................................................................................

Workaround: Perform the following workaround: 1. Configure a 'dummy' SIP Profile with no rules and apply it to the outbound dial-peer: voice class sip-profiles 3 ! dial-peer voice x voice voice-class sip profiles 3 2. In non-CVP call flows or if Courtesy CallBack (CCB) is not required the following can be configured under voice service voip or dial-peer: - signaling forward conditional - signaling forward none 3. Remove SIP Profiles completely from the call flow (dial-peer and Globally).

  • CSCum34515

Symptom: QFP crash

Conditions: SIP ALG traffic with FW and NAT

Workaround: There is no workaround.

  • CSCum37116

Symptom: Older version v1.8 is currently bundled with FPD for Jacaranda

Conditions: New version v1.9 is available

Workaround: There is no workaround.

  • CSCum37662

Symptom: MAC Accouting Reconstruction of AVL tree takes long time

Conditions: Triggered on scaled MAC accouting during MDR replay

Workaround: There is no workaround.

  • CSCum38420

Symptom: Run the refer consume case without TCL for 4 hours (10 cps & 2 mins hold time), then stop calls, wait for 15 mins to call gets cleared. Afer that observed hung calls & did test crash to get the info related to hung calls. Now, new active is handling calls, make new call, cube is rejecting the call with 488

Conditions: Issue observed only when switch over happens.

Workaround: There is no workaround.

  • CSCum40306

Symptom: Router crashes during call transfer in SRST mode

Conditions: Call transfer in SRST mode, including SCCP phones

Workaround: There is no workaround.

  • CSCum40363

Symptom: while making h323 call,audio packets which are passing via ASR router not receiving at the endpoints.

Conditions: ASR router is configured with NAT Firewall

Workaround: There is no workaround.

  • CSCum43752

Symptom: IOSD crash at ipv6_intf_mtu on flexvpn client

Conditions: Flapping flexvpn client configured with ipv6 on tunnel interface.

Workaround: There is no workaround.

  • CSCum44590

Symptom: "ip load-sharing per-packet" is enabled on ASR1K

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCum46324

Symptom: GM re-registers to the KS after not receiving a rekey. The KS does not reset the counters for rekey Acks missed by the GM after the GM re-registers. This results in the GM being deleted after missing three rekeys, even though its registered.

Conditions: This symptom is observed when WAN failure and recovery on the GM interrupting rekey ACKs to reach back the KS.

Workaround: There is no workaround.

  • CSCum46511

Symptom: High CPU utilization is seen on 2921 platform running 15.3(3)M1 while sending 2Mbps traffic.

Conditions: This symptom is observed with GETVPN crypto-map configured on the outbound interface send 2 Mbps of UDP based traffic, TBAR (time based anti-replay was turned on).

Workaround: Turn off TBAR (time-based anti-replay).

  • CSCum48325

Symptom: ucode crash @dtl_poll_pending_tickle with 'ip nat sett mode cgn'

Conditions: ucode crash @dtl_poll_pending_tickle with 'ip nat sett mode cgn'

Workaround: There is no workaround.

  • CSCum49437

Symptom: ucode crash@ipv4_nat_cgn_mode_dp_rel_mem on changing nat mode

Conditions: In a scaled setup on changing nat mode

Workaround: There is no workaround.

  • CSCum52078

Symptom: DOEO call fails for ILBC codec(rtp-nte) with ANAT enabled.

Conditions: This symptom is observed when following conditions are met: 1. DOEO call 2. ANAT enable at outgoing leg 3. ilbc codec is configure for outgoing leg.

Workaround: This issue is not observed for DODO. <B>Symptom: DOEO call fails for ilbc codec(rtp-nte) with ANAT enabled

Conditions: When following conditions meet 1. DOEO call 2. ANAT enable at outgoing leg 3. ilbc codec is configure for outgoing leg.

Workaround: works for DODO

  • CSCum54136

Symptom: After a KS reload, or a network split or a coop configuration change or any condition that forces a GM to re-register to a different KS in a coop the snmpwalk for object cgmGdoiGmEntry will not return any values for that GM in the previously registered KS.

Conditions: In a coop if the GM re-registers to a new KS the snmpwalk -v 2c -c wells old_KS_IP 1.3.6.1.4.1.9.9.759.1.2.2.1 command will not return information for that GM on the KS the GM was previously registered at.

Workaround: There is no workaround.

  • CSCum55299

Symptom: Path-confirmation check failed on CUBE in SRTP-RTP call

Conditions: Configure CUBE for SRTP-RTP call

Workaround: There is no workaround.

  • CSCum55357

Symptom: CUBE crashes for SIP-H323 Transcoding call.

Conditions: The issue is seen while running regression for Cisco IOS Release 15.3(3)M1.9.

Workaround: There is no workaround.

  • CSCum56779

Symptom: For a SIP - TDM call, early dialog caller-id update does not work

Conditions: Setup and call scenario: Sipp-----------GW---------------Callgen For an SIP UPDATE request received during ringback ( Early Dialog), caller-id update should be sent in a FACILITY message on the TDM leg. The FACILITY message with caller-id update is not seen to be sent on the TDM leg.

Workaround: There is no workaround.

  • CSCum57306

Symptom: SCB leak seen when the Refer Call with error condition is run under laod

Conditions: Refer Call flow which fails

Workaround: There is no workaround.

  • CSCum60848

Symptom: Under certain conditions, a DSP will hang in certain call scenarios including REFER passthrough.

Conditions: This symptom is observed under heavy load.

Workaround: There is no workaround.

  • CSCum61077

Symptom: Packets dropped while IPV4 to IPV6 translation with size above 1252.

Conditions: NAT64 on ASR1K.

Workaround: Decrease the IPV4 mtu size to 1252.

  • CSCum61622

Symptom: Traceback may be seen with sip/sunrpc/rtsp/rcmd/msrpc

Conditions: scaled ALG

Workaround: There is no workaround.

  • CSCum66182

Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.

Conditions: While testing Ether-Like MIB for ASR1000-6TGE.

Workaround: There is no workaround..

  • CSCum68074

Symptom: many packets are dropped for NatIn2out cause

Conditions: PAT, interface overload

Workaround: PAT pool overload

  • CSCum68287

Symptom: GM reloads unexpectedly when enabling V6-crypto map on an interface with VRF-aware GDOI configs on the latest XE3.12 throttle images

Conditions: Seen on all ASR platforms, with latest XE3.12 throttle base images This is 100% reproducible and extremely service impacting. This happens only when you enable "ipv6 crypto map" which has a local GM deny ACL associated with it. Enabling v4-crypto map is fine

Workaround: Do not use the local GM ACL for IPV6 crypto map. This may not be a feasible workaround in the field.

  • CSCum69152

Symptom: SIP SRST and adding more than one alias commands, only 'alias 1' command creates a dial-peer. voice register global mode srst system message SRST Active max-dn 20 max-pool 20 ! voice register pool 1 id network 1.1.1.0 mask 255.255.255.0 alias 1 1111 to 4444 alias 2 2222 to 4444 voice-class codec 1 Only the alias 1 dialpeer gets created and calls to that extension will work (as long as you also have the correct translation rule as per docs).

Conditions: CME in SIP-SRST mode.

Workaround: Use translation-rules to achieve this behavior. <B>Symptom: SIP SRST and adding more than one alias commands, only 'alias 1' command creates a dial-peer. voice register global mode srst system message SRST Active max-dn 20 max-pool 20 ! voice register pool 1 id network 1.1.1.0 mask 255.255.255.0 alias 1 1111 to 4444 alias 2 2222 to 4444 voice-class codec 1 Only the alias 1 dialpeer gets created and calls to that extension will work (as long as you also have the correct translation rule as per docs).

Conditions: 2900 series router running SIP SRST running version c2951-universalk9-mz.SPA.152-4.

Workaround: There is no workaround.

  • CSCum70161

Symptom: CUBE 180 w/o SDP and 200OK need to send CPA details in MIME

Conditions: when CPA event to process with dialer

Workaround: There is no workaround.

  • CSCum70245

Symptom: No FPI session created

Conditions: RTP loopback

Workaround: There is no workaround. None

  • CSCum70828

Symptom: SNMP Query on dot3StatsDuplexStatus is shown as unknown on SPA-5X1GE-V2.

Conditions: While testing Ether-like MIB for SPA-5X1GE-V2.

Workaround: There is no workaround.

  • CSCum71485

Symptom: An increasing number of TEKs are generated every 30 seconds.

Conditions: This symptom occurs under the following conditions: 1. Change the Group Identity on the Secondary KS causing encryption failure. Change the Group Identity on the Primary KS. All the GMs are deleted from the KSs. 2. Restore the Secondary Key Server. Wait for it to come up as Primary for the Group : GETVPN-GROUP-1. 3. Restore the Primary Key Server with Group : GETVPN-GROUP-1. 4. This creats a new TEK policy every 30 seconds from the newly elected Primary Key Server KS2. The sequence number for rekey remains 1. 5. KS1 is restored to be the primary role. 6. After the existing TEKs from KS2 are expired, it behaves normally.

Workaround: There is no workaround. <B>Symptom: Increasing number of TEK generated every 30 secs

Conditions: 1. Change the Group Identity on the Secondary KS causing encryption failure, Change the Group Identity on the Primary KS. All the GMs are deleted from the KSs. 2. Restore the Secondary Key Server. Wait for it to come up as Primary for the Group : GETVPN-GROUP-1 3. Restore the Primary Key Server with Group : GETVPN-GROUP-1 4. This is creating a new TEK policy every 30 sec from the newly elected Primary Key Server KS2. The sequence number for rekey remains 1. 5. KS1 is restored to be the primary role. 6. After the existing TEKS from the KS2 are expired it behaves normally.

Workaround: There is no workaround.

  • CSCum73172

Symptom: memory usage keep increase

Conditions: config ATM PVC bundle interface

Workaround: There is no workaround.:

  • CSCum73773

Symptom: QFP crash

Conditions: remove ip nat setting mode and run "sh pl hard qfp ac statistics drop"

Workaround: There is no workaround.

  • CSCum77922

Symptom: CUBE fails to perform 407 Error Message Passthrough if it receives a 100 Trying before the 407 Proxy Authentication Required and sends a 503 Service Unavailable to the UAC.

Conditions: ITSP sends a 100 Trying before the 407 Proxy Authentication Required

Workaround: Receive the 407 Proxy Authentication Required as first response to an Invite

  • CSCum78260

Symptom: ASR1K:GM1 did not have 1 recovery registration to group GDOI_GROUP_1.

Conditions: Issue is newly seen only in ASR routers and not in ISR.

Workaround: There is no workaround.

  • CSCum79817

Symptom: "488: Not acceptable media" message seen for DOEO ANAT calls with ILBC codec.

Conditions: This symptom is observed when following conditions are met: 1. DOEO 2. ANAT calls 3. ILBC codec (Did not test for other codecs)

Workaround: This symptom is not observed for DODO.

  • CSCum81041

Symptom: One way audio incoming calls redirected through CVP.

Conditions: Call flow: ------------ Caller----G711----TDM GW----SIP-----ASR1K----SIP-----CUSP----SIP----CVP(Vz0)----IP-IVR | | -----SIP---CVP (BAMS) | |--------SIP---CUCM---Agent Phone (G729 only) Initially the caller is connected to IP-IVR, both ingress and egress leg of the CUBE is doing G711. Call is connected to the IP-IVR, then CVP sends a refer to the VXML GW for playing prompts and ringback tone etc. When the call is transferred to the agent, CUBE negotiated G729 at the sip level with the CVP, but because of mid-call signalling block on the ingress side, continue with the G711. Hence xcoder is invoked on the CUBE to handle G729 to G711 and vise versa, but CUBE is still sending G711 media to the agent phone side while the agent phone is sending G729 media to the CUBE.

Workaround: There is no workaround.

  • CSCum81717

Symptom: 183 session progress is blocked by the sip gateway

Conditions: 183 session Progress is received with SDP and Require:100 rel header and "block 183 sdp absent" is configured

Workaround: There is no workaround.

  • CSCum83957

Symptom: A router may crash due to a bus error when running "show sccp connections sessionid".

Conditions: This has been observed on a 3900e router running 15.3(2)T. SCCP features are configured on router.

Workaround: There is no workaround.

  • CSCum84172

Symptom: Incorrect NHRP mapping information for a hub can be propagate throughout the DMVPN network and cause data packet forwarding via a spoke-hub-spoke path even when a spoke-spoke direct path has been built and the sending nodes "thinks" it is sending on the direct path.

Conditions: A DMVPN spoke node is mis-configured with the correct tunnel IP address, but the wrong NBMA address for a hub (hub1). In this case the incorrect NBMA address would be for a different hub (hub2). Hub1 is configured to be both a hub and a spoke. I.e. it can be the end-point for spoke-spoke tunnels.

Workaround: Fix the spoke that has the incorrect mapping and then shutdown the hub (hub1) that "thinks" it is behind NAT. This hub must be left in a down state for long enough to ensure that any copy of the mis-configured mapping times out on all nodes in the DMVPN network. In most cases two times the NHRP hold time should be sufficient.

  • CSCum84999

Symptom: SUBSCRIBE received from CVP after BYE and NOTIFY with subscription-state : terminates is send by CUBE.

Conditions: This symptom is observed when SUBSCRIBE IS recieved after call is terminated with BYE.

Workaround: There is no workaround.

  • CSCum85381

Symptom: CUBE drops Method Notify (OOB Notify DTMF) in SIP to SIP call flows, when 183 Session Progress without SDP is received just after 183 Session Progress with SDP. For Example: CUCM --> SIP --> CUBE ---> ITSP When Cube receives 183 Session (with SDP) from ITSP, it sends out Method Notify back to CUCM. ITSP sends another 183 Session (without SDP), at this point, CUBE strips out NOTIFY towards CUCM. This causes CUCM to disable DTMF on this call.

Conditions: There are no know conditions

Workaround: Add method Notify manually on the first leg using a SIP Profile. voice class sip-profiles 99 response 183 sip-header Call-Info remove response 183 sip-header Call-Info add "Call-Info: <sip:10.1.1.1:5060>;method=\"NOTIFY;Event=telephone-event;Duration=500\""

  • CSCum86159

Symptom:CPP crash

Conditions: Conditional debugging and packet tracing is enabled on join interface for OTV.

Workaround: There is no workaround.

  • CSCum86411

Symptom: BGP performance will be slower on RP2 on 15.4(02)S release or newer images.

Conditions: Large scale BGP routes

Workaround: Use Image 15.4(01)S or older.

  • CSCum88818

Symptom: memory leak in CPP List Hdr Chunk

Conditions: Flapping flexvpn sessions

Workaround: There is no workaround.

  • CSCum90650

Symptom: When REFER based transfer failed with 503 in NOTIFY, CUBE tried to bridge the call, but CUBE retransmit REFER again even though got 503 service error :

Conditions: REFER passthrough

Workaround: refer consume

  • CSCum93356

Symptom: CUBE doesn't send mp4a-latm fmtp attributes in early dialog UPDATE

Conditions: This issue is observed in DO-EO call with flow-around configured and the SDP negotiation happens in early dialog.

Workaround: If SDP is negotiated in confirmed dialog, then this issue is not seen.

  • CSCum94408

Symptom: Intermittently, if a root's CRL to validate Sub does not get downloaded [Internal or External failures], and the CRL by Sub gets downloaded, the following message will be seen: [Debug crypto isakmp and Debug crypto pki m/t/v/c] ISAKMP (35845): adding peer's pubkey to cache ISAKMP:(35845): processing SIG payload. message ID = 0 %CRYPTO-3-IKMP_QUERY_KEY: Querying key pair failed.

Conditions: This symptom occurs in Cisco IOS configured with the IKEv1, Authentication mode RSA-SIG [Certificates]. PKI Infrastructure is as follows: Root -> Sub -> ID - Root and Sub Trustpoint have "revocation-check crl none". - Sub has "chain-validation continue Root".

Workaround: Disable Revocation-check and Chain-validation under Sub Trustpoint.

  • CSCum94541

Symptom: This is an Enhancement request on PKI Split-VRF Feature. Enrollment profile only allows us to source the enrollment traffic from a specific VRF, however it does not allow us to control the source-ip/interface

Conditions: PKI Split VRF Feature, where one is allowed to configure VRF for enrollment through enrollment profiles, and VRF for CRL checking through Trustpoint.

Workaround: There is no workaround.

  • CSCum95078

Symptom: Large IPSEC packets get dropped when fragmentation is done after IPSEC encapsulation.

Conditions: This symptom is not observed under any specific conditions.

Workaround: There is no workaround.

  • CSCum96146

Symptom: CUBE HA pair crashes with crashinfo file being generated.

Conditions: 3945E CUBE routers running as a redundant pair on IOS 15.2(1)T2.

Workaround: There is no workaround.

  • CSCum96156

Symptom: IOS will fail to match the certificate map intermittently

Conditions: IOS PKI using certificate maps, to authorize the Peer certificates or override CDP. In this case: - if a certificate map is written on a PC, with upper case letters in them: Ex: crypto pki certificate map HR-Users 10 subject-name co ou = HR-Users - and this is a part of the configuration that is merged with the running config through IOS file-system [directly from flash or FTP/TFTP/HTTP etc], IOS retains the upper case letters. [contrary to certificate maps written through CLI, always converts everything to lower case letters]

Workaround: A) - copy the certificate maps [that have upper case letters in them] to a notepad - remove the certificate maps [that have upper case letters in them] - paste the certificate maps, through IOS CLI - wherever these cert maps were being called, they will stay intact, and this change will take effect immediately or B) - The certificate map needs to enter IOS in a manner that IOS would insert it if you were to enter it in a CLI I.e. Make sure the external config generators generate the certificate map in such a way that everything is in lower case, and it has white spaces between DN OID, '=' and the value.

  • CSCum97856

Symptom: Traceback appears in the common setup affecting the test

Conditions: Attaching service policy to zone pair security

Workaround: There is no workaround.

  • CSCum98149

Symptom: Astro is not being initialized in ROMMON

Conditions: Initialize ASTRO ECSR in ROMMON

Workaround: There is no workaround.

  • CSCun00783

Symptom: channel group wil link id > 4 is not configurable.

Conditions: whiel configuring the vlan based load balance

Workaround: Use only link id 1-4

  • CSCun02605

Symptom: ASR crashes with no known trigger in CCSIP_SPI_CONTROL process.

Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ. CUBE INVITE | INVITE (Via branch=ABC) ----------------------------->| ----------------------------------------> | 200 OK (Via branch=DEF) | <----------------------------------------- | Cube fails to send ACK to 200 OK for some reason and causes a crash

Workaround: There is no workaround. <B>Symptom: ASR crashes ith no known trigger in CCSIP_SPI_CONTROL process

Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ. CUBE INVITE | INVITE (Via branch=ABC) ----------------------------->| ----------------------------------------> | 200 OK (Via branch=DEF) | <----------------------------------------- | Cube fails to send ACK to 200 OK for some reason and causes a crash

Workaround: There is no workaround.

  • CSCun02711

Symptom: observing cpp_cp_svr crash

Conditions: Interface Flap with Model4 QoS under Oversubscribe load

Workaround: There is no workaround.

  • CSCun02772

Symptom: Part of the "MCSA Requst Parameters" are not updated when showing gtp pdp details

Conditions: When issuing show gtp pdp related commands with "detail" option

Workaround: There is no workaround.

  • CSCun03189

Symptom: The test gtp commands are diasabled

Conditions: Issue test gtp commands.

Workaround: There is no workaround.

  • CSCun05026

Symptom: Tracebacks @ ipnat_establish_alias seen with IPsec and NAT64 configs

Conditions: While bringing up IPsec sessions.

Workaround: There is no workaround.

  • CSCun05121

Symptom: Memory leak at SRTP Keys in Dolby Feature.

Conditions: Memory leak seen in SRTP Call

Workaround: There is no workaround.

  • CSCun07486

Symptom: "token" CLI is getting missed under Crypto pki.

Conditions: UUT is loaded with 15.4(1.20c)CEL5.5.

Workaround: There is no workaround.

  • CSCun08016

Symptom: observing cpp_cp_svr crash

Conditions: on unconfiguration of IPHC scaled configuration

Workaround: There is no workaround.

  • CSCun08423

Symptom: NIM Card type details are not specific in show command port details

Conditions: card type details are not specific in "show voice port x/x/x" in dynamo3 FXS cards. It is just mentioned as "NIM-FXS" in the show command output.

Workaround: There is no workaround.

  • CSCun08855

Symptom: ASR router crash with iosd punting packet to port-channel with ERSPAN configured on the router

Conditions: port-channel and ERSPAN configured on the router

Workaround: There is no workaround.

  • CSCun09014

Symptom: multiple crashes witnessed due to memory being freed.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCun10115

Symptom: entPhysicalContainedIn of NIM Module is showing the spa bay on ASR1001-X Chassis.

Conditions: While testing EntityMIB for ASR1001-X Chassis.

Workaround: There is no workaround.

  • CSCun12523

Symptom: packet dropped at interface

Conditions: encap change on tunnel

Workaround: remove the tunnel interface and config it again.

  • CSCun13053

Symptom: clean up fail in fhs testing

Conditions: Tracebacks are seen

Workaround: There is no workaround.

  • CSCun13772

Symptom: CPUHOG messages and watchdog timeout crashes are observed on an ASR1000 series router running DMVPN.

Conditions: This has been observed on a router with a very large NHRP table (10-20k individual entries) with a very high number (thousands) of child entries per parent entry.

Workaround: Reduce the number of child entries per parent entry through the use of supernetting.

  • CSCun13800

Symptom:VG224 responds with a different RTP port each time for multiple StationPortReq messages from CUCM for the same call. Seen in 15.1(4)M7

Conditions: CUCM sending multiple StationPortRequest to VG VG224 registered SCCP to CUCM

Workaround: There is no workaround.

  • CSCun17831

Symptom: Modem Relay call fails with new NIM FXS card on O2 platform

Conditions: Modem Relay call fails

Workaround: There is no workaround.

  • CSCun17913

Symptom: Invalid input after saving 68 byte feature config & reloading router

Conditions: Invalid input after saving 68 byte feature config & reloading router

Workaround:

  • CSCun20232

Symptom: shutdown one tunnel interface,the chassis crash

Conditions: Step 1 :Setup dmvpnv3 scenario with two spokes Step 2 :On spoke 2,tunnel100 and tunnel200 are a pair of DMVPN tunnels Step 3: unconfigure "maximum-paths ibgp *" to make the two tunnels with one route to hub Step 4: add spoke to spoke traffic and after the traffic is contronlled by cent,shutdown tunnel100,the crash will be hit

Workaround: make sure the configuration is right

  • CSCun20588

Symptom: When REFER is received on CUBE and CUBE send to ITSP where ITSP did not respond to the REFER and CUBE try to Resume the call Memory Leak seen.

Conditions: When REFER is received on CUBE and CUBE send to ITSP where ITSP did not respond to the REFER and CUBE try to Resume the call Memory Leak seen.

Workaround: There is no workaround.

  • CSCun20719

Symptom: Reload the router, and check the system clock [it should be an authoritative source of time: show clock ? no * is printed before the clock]. However, 'show crypto pki timer' will not show the renew timer for the trustpoint.

Conditions: IOS is configured as SCEP client, with an auto-enroll timer. Also, instead of 'enrollment url' under the trustpoint, an enrollment profile is configured.

Workaround: Re-enter the 'auto-enrol <>' command under the trustpoint to trigger the renew timer.

  • CSCun21918

Symptom: The fields in the result of "show gtp apn stats" are not updated correctly

Conditions: Issuing "show gtp apn stats" command.

Workaround: Try to get similar info from "show gtp path stat"

  • CSCun22771

Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.

Conditions: ASR1002-X running IOS XE in a NAT-HA B2B scenario

Workaround: There is no workaround.

  • CSCun24310

Symptom: Some of the fields in "show gtp statistics" result are not updated.

Conditions: Issue "show gtp statistics" command.

Workaround: There is no workaround.

  • CSCun24490

Symptom: Invalid offers getting processed

Conditions: Invalid offers getting processed

Workaround: There is no workaround.

  • CSCun24534

Symptom: Configuring "no aqm-register-fnf" doesn't disable the command in the router's running and startup configurations.

Conditions: The problem was observed in the following sequence : (1) Configure "no aqm-register-fnf" (2) Execute "show run", the command "aqm-register-fnf" is removed (3) Execute "show run" again, the command "aqm-register-fnf" re-appears

Workaround: There is no workaround.

  • CSCun28796

Symptom: Active ESP reloads when churning ISG sessions

Conditions: Churn both regular and walk-by ISG sessions at scale.

Workaround: There is no workaround.

  • CSCun30321

Symptom: Major alarm observed on ASR1001

Conditions: After upgrade to XE3.10.2

Workaround: There is no workaround.

  • CSCun31644

Symptom: try to register gm

Conditions: registration succeeds and crashes

Workaround: There is no workaround.

  • CSCun33934

Symptom: On standby RP, the remote restart counters on gtp paths are not synced from active RP and remain 0.

Conditions: After a back to back RP switchover

Workaround: There is no workaround.

  • CSCun38059

Symptom: No way audio (Silence) issue is noticed on transcoded SIP-SIP calls on CUBE after mid-call codec change.

Conditions: IOS Relase 15.3(3)M1 and above Issue happens only under following condition. 1. Transcoder is allocated on CUBE for DTMF Interworking (Audio Codec Used on both inleg and outleg are same) 2. Due to supplementary services like "Hold" or "Transfer", one of the call leg negotiates different audio codec (Since the transcoder already allocated for DTMF interworking, it takes care of audio transcoding) 3. Later when the call is "Retrived" or "Transfer" is completed, both the call legs on CUBE negotiates same audio codec and transcoder needs to be updated for DTMF Interworking. At this point, CUBE fails to update transcoder causing no-way audio issues

Workaround: 1. Try using the same DTMF method on both inleg and outleg, so that there is no transcoder allocation 2. Use same codec throughout the call Considering the following call flow PSTN -> SIP -> CUBE -> SIP -> CUCM -> IP Phone 1. Call was made from PSTN to IP-Phone via CUBE 2. Initial call gets established as G711 (alaw or ulaw) and CUBE allocates local transcoder for DTMF Interworking ( inband-voice to rtp-ntp) Media Path : PSTN [Codec-G711ulaw, DTMF-raw tone(inband-voice)] -> CUBE -> [Local Transcoder] -> [Codec-G711ulaw, DTMF- rtp-nte] -> IP-Phone 3. IP Phone places the call hold and this triggers call to be connected with MoH which is capable of streaming only G729 media Media Path : PSTN [Codec-G711ulaw, DTMF-raw tone(None)] -> CUBE -> [Local Transcoder] -> [Codec-G729, None] -> MoH Server 4. When IP Phone "Resume" or "Transfer" the call, the codec changes from G729 to G711ulaw. Media Path : PSTN [Codec-G711ulaw, DTMF-raw tone(inband-voice)] -> CUBE -> [Local Transcoder] -> [Codec-G711ulaw, DTMF- rtp-nte] -> IP-Phone 5. At this point, CUBE fails to update transcoder with updated media capability causing no-way audio

  • CSCun45602

Symptom: Traceback appears in the section test

Conditions: Issuing more harddisk:tracelogs/ with debug packet trace enabled

Workaround: There is no workaround.

  • CSCun46707

Symptom: When "crypto gdoi ks rekey" is issued on the KS with multiple groups, the GM does not receive the rekey

Conditions: Rekey

Workaround: There is no workaround.

  • CSCun48579

Symptom: CUBE is not sending 200 OK for PRACK SDP when CPA enabled

Conditions: when CPA enabled

Workaround: Add some delay between 18X to 200 Ok

  • CSCun50243

Symptom: When CED/ANSam/2100Hz answer tone is detected in the early media phase of the call, the gateway does not switchover and starts sending distorted audio to the originating fax. Fax transmission fails.

Conditions: This symptom is observed when modem passthrough nse codec g711ulaw is used as the fax protocol. Fax -> VG224 --SCCP--> CUCM -SIP--> 3945 GW--ISDN T1 PRI-->PSTN 3945 IOS: 15.1.4M5 VG224:15.1.4M2

Workaround: Perform the following workaround: - Use 'progress_ind' to strip PI=8 if the Early Media is opened via an ISDN ALERTING message: (config-dial-peer)#progress_ind alert strip - Check with Carrier if they can avoid opening early media for Fax/Modem calls.

  • CSCun50538

Symptom: fman-fp log report traceback when loading fp card

Conditions: load or reload fp card

Workaround: There is no workaround.

  • CSCun51932

Symptom: Incorrect internal and external Dialtone for CPTONE DE.

Conditions: Cptone DE is configured under FXS ports

Workaround: Step1: Router# test voice tone DE dialtone 1 425 0 -200 -200 -240 0 0 0 65535 0 0 0 0 0 0 0 Step2: Router# test voice tone DE 2nd_dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0 Step3: shut the voice-port Step4: Unshut the voice port

  • CSCun52009

Symptom: Traffic stats check failed after shutdown in Manual LB with multiple backup link configed

Conditions: Traffic loss is seen for PC_EVC_Manual_Loadbalance test

Workaround: There is no workaround.

  • CSCun59253

Symptom: DMVPN spoke (ISR) gets stuck in NHRP state after config-unconfig-reconfing with TP.

Conditions: DMVPN with TP

Workaround: Reboot the router.

  • CSCun61732

Symptom: Memory leak seen when CME will xfer the call followed by idivert.@ sippmh_parse_hi_token

Conditions: while doing idivert

Workaround: There is no workaround.

  • CSCun62178

Symptom: Traceback @fp_ipsecmgr_init

Conditions: With policy-map configured on the egress GRE tunnels, perform RP switchover

Workaround: There is no workaround.

  • CSCun62181

Symptom: ASR1002 running asr1000rp1-adventerprisek9.03.04.06.S.151-3.S6.bin crashes at crypto ipsec update peer path mtu

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCun62273

Symptom: MODEM Relay cannot be configured on VG224

Conditions: VG224 used for modem relay calls.

Workaround: There is no workaround.

  • CSCun65380

Symptom: CME Crashed while Inbound SIP profile added globally.

Conditions: This symptom is observed when inbound SIP profile is added.

Workaround: Do not configure inbound sip profile.

  • CSCun67176

Symptom: "No match found" message on the console.

Conditions: On issuing "show plat hard qfp act feat nat data port <proto>"

Workaround: There is no workaround.

  • CSCun68489

Symptom: reINVITE failure - hung calls

Conditions: reINVITE failure

Workaround: There is no workaround.

  • CSCun73233

Symptom: No way audio (silence) issue is noticed on transcoded SIP-SIP calls on CUBE when supplementary services like Hold/Resume or Call Transfer is invoked. Issue is observed with both SCCP based transcoding and LTI (Local Transcoding Interface) based transcoding. When using SCCP Based Transcoding, "show sccp connection" output looks as below during no-way audio issue (Mode - Inactive, rport - Empty, ripaddr - Empty, conn_id_tx - Empty) CUBE-2#show sccp connections sess_id conn_id stype mode codec sport rport ripaddr conn_id_tx 65545 36 xcode inactive g729 16414 0 :: 65545 40 xcode inactive g711a 16412 0 :: When using LTI based transcoding, "show dspfarm dsp active" shows no entry of the call during no-way audio CUBE-2#show dspfarm dsp active SLOT DSP VERSION STATUS CHNL USE TYPE RSC_ID BRIDGE_ID PKTS_TXED PKTS_RXED Total number of DSPFARM DSP channel(s) 0

Conditions: IOS Release 15.3(3)M Issue happens only under following condition. 1. When "midcall-signaling passthru media-change" is configured on CUBE 2. There is change in codec in one of the call leg after invoking supplementary services like Hold/Resume or Transfer

Workaround: 1. Disable "midcall-signaling passthru media-change" Voice service voip Sip no midcall-signaling passthru media-change 2. Use same codec through-out the call (Avoid change in codec behavior by controlling supported codec list)

  • CSCun73301

Symptom: FP Crashed while DTMF info message received for SRTP Passthrough call

Conditions: DTMF INFO received

Workaround: FP Crashed while DTMF info message received for SRTP Passthrough call

  • CSCun76377

Symptom: On CUBE if MTP invoked for the call Forking packets showing 0 :

Conditions: On CUBE if MTP invoked for the call Forking packets showing 0 :

Workaround: There is no workaround.

  • CSCun78843

Symptom: CUBE crashed while handling Flow around Call.

Conditions: CUBE crashed while handling Flow around Call.

Workaround: no Media flow around on CUBE

  • CSCun79934

Symptom: qfp ipsec debug message format changed

Conditions: There are no know conditions

Workaround: There is no workaround. none

  • CSCun83348

Symptom: IPsec configured router sees unauthenticated router in INIT stage of ospfv3

Conditions: Configure one router with ospfv3 auth and other router with no authentication

Workaround: There is no workaround.

  • CSCun84429

Symptom: ASR1k crashes.

Conditions: Deactivation of a container.

Workaround: There is no workaround.

  • CSCun85566

Symptom: when a crl is downloaded using "cry pki crl download url <url1> and no command is done on same, memory leak is seen for cd p

Conditions: when a crl is downloaded using "cry pki crl download url <url1> and no command is done on same

Workaround: There is no workaround.

  • CSCun85639

Symptom: when ASR1K receive a fragmented jumbo packets(pkt1:2002,pkt2:9000),router will report an refrag error and traceback.

Conditions: jumbo packet and VFR via CLI

Workaround: There is no workaround.

  • CSCun85947

Symptom: When there is a dialer interface getting dynamic IP, SIP control and media binding is failing with that interface.

Conditions: IOS should be 15.1.2T or later (to configure binding at dial-peer level)

Workaround: Configure static IP for the dialer interface.

  • CSCun88636

Symptom: Kingpin crashes @ cmcc_2kp_cli_show_plim_status_cb

Conditions: Kingpin crashes while issuing "show plat hard slot 0 plim status int"

Workaround: There is no workaround.

  • CSCun89036

Symptom: Traceback when IPV6 traffic is transiting through ATM sub-interface

Conditions: Configuration of "atm route-bridged ipv6" configured at ATM sub-interface level

Workaround: There is no workaround.

  • CSCun89879

Symptom: Some sip packets drop with B2B CGN BPA setup

Conditions: Some sip packets drop with B2B CGN BPA setup

Workaround: Reload router

  • CSCun90108

Symptom: On CUBE there is a port leak seen for each audio video call negotiated to audio call.

Conditions: This symptom is observed when audio Video M line offer answered with only audio m line.

Workaround: Send answer with both audio m line and video, if video not supported send port 0. <B>Symptom: On CUBE there is a port leak seen for each audio video call negotiated to audio call

Conditions: When audio Video M line offer answered with only audio m line.

Workaround: send answer with both audio m line and video, if video not supported send port 0

  • CSCun91087

Symptom: O2 router crashes with non-default firmware intermittently

Conditions: O2 router crashes with non-default firmware intermittently

Workaround:

  • CSCun91923

Symptom: CUBE reloads intermittently while handling SIP call forking scenario.

Conditions: In SIP Call forking scenario, an INVITE sent from CUBE is routed to multiple SIP endpoints and multiple SIP provisional responses such as 183 Session Progress with different To tags are received.

Workaround: There is no workaround.

  • CSCun92171

Symptom: CUBE's media anti-trombone feature does not work correctly when combined with the pass-thru content sdp feature. When the two features are enabled CUBE will return the wrong SDP on one call leg and does not properly switch from media flow-through to media flow-around.

Conditions: This was seen on 15.4(1)T with both media anti-trombone and pass-thru content sdp enabled.

Workaround: There is no workaround.

  • CSCun92199

Symptom: ucode crash with sip traffic

Conditions: after doing couple of events like redudancy reload multiple times and with SIP traffic

Workaround: There is no workaround.

  • CSCun93593

Symptom: Caller id is not received intermittently on FXO ports. we have dangling dsm_handle associated with this port and it is preventing from sending further dsp messages to start caller id. Mar 24 16:18:22.054: [0/1/1] htsp_start_caller_id_rx:BELLCORE Mar 24 16:18:22.054: htsp_start_caller_id_rx htsp->dsm_handle 2AC5E96C

Conditions: The symptom has been observed on IOS 150-1.M7, with PVDM3.

Workaround: Router reload fixes the issue.

  • CSCuo00479

Symptom: Slow memory leak in small/middle I/O buffers. This can be identified by looking at the output of "show buffer" and "show buffer usage" commands You'll see the number of small and middle buffers incrementing to very high values VG224-1#sh buffer | inc peak Small buffers, 104 bytes (total 1116, permanent 50, peak 1242 @ 00:00:17): Middle buffers, 600 bytes (total 1937, permanent 25, peak 2217 @ 00:00:16): The output of 'show buffer usage' will show the SCCP Application as a Resource User of the buffers and increasing until memory is exhausted. Caller pc : 0x6238D4C8 count: 4454 Resource User: SCCP Appli count: 4455 Once memory is exhausted, telnet sessions will fail to establish. Console access may still be available.

Conditions: VG224 registered to CUCM and defined as a SCCP controlled gateway. This is seen when the CUCM rejects the registration attempts of the VG224 FXS ports due to it reaching the " Maximum Number of Registered Devices" value as defined in the CUCM Service Parameters. This can occur when devices fail-over from the primary to secondary CUCM and the proper device sizing has not been followed as per the CUCM SRND. Too many devices attempt to register and CUCM starts to reject their attempts.

Workaround: Ensure that in fail-over scenarios, the number of devices that attempt to register to CUCM don't exceed the number set in "Maximum Number of Registered Devices" service parameter.

  • CSCuo02270

Symptom: Issues with source VLAN numbers while using with ERSPAN.

Conditions: VLAN greater than 1005 were not displayed in the running config. There is no service impact.

Workaround: There is no workaround.

  • CSCuo02726

Symptom: Memory Leaks seen at nhrp_cts_data_from_pak_wrapper

Conditions: The leaks are seen on the spoke of a DMVPN setup. The leaks are observed on booting up 15.4(2.8)T image

Workaround: There is no workaround.

  • CSCuo02894

Symptom: Packet-trace statistics sometimes appear to report out-of-sync counts.

Conditions: Using packet-trace in IOS-XE3.11.

Workaround: There is no workaround..

  • CSCuo03834

Symptom: entity alias mapping and if table entry missing for USB ports in ASR1002-X built-in RP

Conditions: ASR1002-X running with asr1002x-universalk9.03.08.01.S.153-1.S1.SPA.bin

Workaround: There is no workaround.

  • CSCuo04053

Symptom: End to end ping fails for normal ATM and CC ATM

Conditions: Breakage on mcp dev

Workaround: There is no workaround.

  • CSCuo05333

Symptom: Bogus counter reported by crypto engine

Conditions: When SHA384 algorithm, bogus counter is seen during show platform hardware crypto-device context output

Workaround: There is no workaround.

  • CSCuo05957

Symptom: client bypass-policy is not enabled while configuring "default client bypass-policy" in the GM gdoi group.

Conditions: client bypass-policy is not enabled while configuring "default client bypass-policy" in the GM gdoi group when the client bypass-policy is already disabled.

Workaround: There is no workaround.

  • CSCuo07408

Symptom: One-way audio when using SRTP when the master key begins with 00.

Conditions: Using any release that contains the fix for bug: CSCtj15884.

Workaround: Put the call on hold and then resume. This will renegotiate the keys and restore two way audio.

  • CSCuo12138

Symptom: One way audio when Agent blind-transfers a call from PSTN (h.323 gateway) to a second DN, which then CFNA's to Unity

Conditions: - the issue seems to be a race condition. - the call flow/scenario that seems to cause the race condition is as follows-

UCCE (CTI RP) Agent (x6420)---blind-xfer---> x6437-----CFNA---> CUC \ / ---- ----- \ / CUCM / / ----------------------/ / / / Gatekeeper h.323 \ / ------ ------------ \ / PBX---PRI--Gateway

Workaround: use consultive transfer

  • CSCuo14538

Symptom: Outputs of the IPSEC event-monitor does not always include a session-id or local/remote peer ID

Conditions: After the fact troubleshooting of IPSEC sessions by looking at the recorded events

Workaround: There is no workaround.

  • CSCuo16179

Symptom: BFD state down while config isis/ospf

Conditions: Bfd neighbors state down on POS interface with isis/ospf configuration.

Workaround: There is no workaround.

  • CSCuo16200

Symptom: Multiple PTP stream creation happens on performing IOSD kill switchover, because of that PTP slave clock alwys stuck in ACQUIRING state

Conditions: IOSD kill switchover

Workaround: There is no workaround.

  • CSCuo16728

Symptom: Control falls to Priviliged Exec mode

Conditions: When "exit" command is issued from voice register global

Workaround: There is no workaround..

  • CSCuo17391

Symptom: GTP path is created even when create pdp fails.

Conditions: By removing the ggsn address from gtp config or any other scenarios which lead to pdp creation failures

Workaround: There is no workaround.

  • CSCuo18931

Symptom: DSCP values are set for the VoIP signalling and media packets using the "ip qos dscp" command under the dial-peer. The default value, in the absence of explicit configuration, should be "af31" for signalling and "ef" for media. When setting dscp values for signaling/audio/video under the dial-peer the media packets are marked with AF11 instead of AF33 with the following configuration ip qos dscp af11 media ip qos dscp af21 signaling ip qos dscp af33 video rsvp-none

Conditions: This occurs when configuration is applied on dial-peer with the following call flow and IOS CALL FLOW CTS endpoint - SIP - CUCM -SIP - CUBE -SIP- SME -SIP- ISDN Video Gateway CUBE Platform/IOS c2900-universalk9-mz.SPA.153-3.M1.bin

Workaround: Apply the qos configuration on the interface using class map and policy map.

  • CSCuo21859

Symptom: "Show ephone register summay" command doesnot display ephones with ephone-tags beyond 165.

Conditions: There should be ephones configured with tag 165 onwards.

Workaround: Configure all the ephones with tags ranging below 165.

  • CSCuo22593

Symptom: GTP Local interface cannot be removed even when there're no active pdps

Conditions: All the time

Workaround: use "no gtp" to unconfigure the whole gtp and then reconfigure

  • CSCuo26237

Symptom: Trans on active and standby are not synced

Conditions: With AT&T set up

Workaround: There is no workaround.

  • CSCuo27809

Symptom: iWAG-GTP does APN name resolution through DNS before using locally configured APN level ggsn address.

Conditions: When "ip domain lookup is enabled"

Workaround: There is no workaround.

  • CSCuo28583

Symptom: Ring off/on period is not changed even we configure ring cadence as followings. - cptone KR - ring cadence pattern01 or - cptone KR - ring cadence define 20 40 or - cptone KR - ring cadence define 20 40 20 40 ======================= Apr 10 14:13:51.521: htsp_timer_stop3 htsp_setup_req Apr 10 14:13:51.521: htsp_process_event: [2/0, FXSLS_ONHOOK, E_HTSP_SETUP_REQ]fxsls_onhook_setuphtsp_progress Apr 10 14:13:51.525: [2/0] c2400_set_sig_state_intercept: ABCD=0, timestamp=0, sys_time=10443319 Apr 10 14:13:51.525: [2/0] c2400_get_ring_cadence: cadence: 2000, 4000, 0, 0, 0, 0 <<<<< Apr 10 14:13:51.525: [2/0] htsp_set_caller_id_tx calling num=2701 display_info= called num=1068 Apr 10 14:13:51.525: [2/0] Caller ID String 80 13 01 08 30 34 31 30 31 34 31 33 02 04 32 37 30 31 08 01 4F AE Apr 10 14:13:51.525: [2/0] voice port htsp_set_caller_id_tx_time: ring cadence not suitable for caller id. on_time_first=1000 off_time_first=2000 on_time_second=0 off_time_second=0 <<<<< Apr 10 14:13:51.529: [2/0] c2400_get_ring_cadence: cadence: 2000, 4000, 0, 0, 0, 0 <<<<< Apr 10 14:13:51.529: [2/0] c2400_set_sig_state: ABCD=0, timestamp=0, sys_time=10443319htsp_call_feature:feature 12

Conditions: VG224-MP 15.1(4)M5 cptone KR

Workaround: There is no workaround.

  • CSCuo28914

Symptom: show Modem Relay statistics output doesnot show any parameters

Conditions: show Modem Relay statistics output doesnot show any parameters

Workaround: There is no workaround.

  • CSCuo29084

Symptom: Call Flow: PSTN -H.323-GW - 3rd Party IVR System. When using payload type 97 & 96 for RTP-NTE with H.323, gateway is found to set Marker bit as false, which caused 3rd party IVR not to recognize DTMF inputs provided by Caller.

Conditions: Call Flow: PSTN -H.323-GW - 3rd Party IVR System.

Workaround: There is no workaround.

  • CSCuo31667

Symptom: "Badly formed RTP" drop counter increases unexpectedly. This issue is recovered by reloading the SBC.

Conditions: This issue is seen with tele-presence call.

Workaround: Reload the SBC.

  • CSCuo33168

Symptom: There is a time difference printed in the CSV files generated by the hunt group stats reports. While the file shows that the collection of statistics took place at 8pm for example, the actual data shown is from 2-3 hours prior of that time, it could even be more some times. For example: 20:00:01 EST Tue Apr 15 2014 EPHONE HUNT GROUP STAT 1 Tue 16:00 - 17:00 HuntGp 2 0 0 0 0 0 0 0 0 0 0 0 0 1 Tue 16:00 - 17:00 Agent 3001 0 0 0 0 0 0 1 7 7 0 0 0 1 Tue 16:00 - 17:00 Agent 3002 0 0 0 0 0 0 1 4 4 0 0 0 This is happening due precise time condition checks while generating csv file.

Conditions: B-ACD is being used for call queuing. 'statistics collect' enabled inside ephone-hunt The following commands are included inside telephony-service: hunt-group report url prefix <URL> hunt-group report url suffix <number> to <number> hunt-group report every <Hours> hours

Workaround: There is no workaround.

  • CSCuo34250

Symptom: Inbound and outbound calls through FXO ports are disconnecting always if "supervisory disconnect anytone" command is present in the FXO Voice-port. If we remove the command, calls would work without any issues. However, in 151-3.T1 calls would work fine with "supervisory disconnect anytone" command present in the voice-port. CSCum09273 fixed the issue with inbound calls through FXO port. Outbound calls are still not working.

Conditions: When "supervisory disconnect anytone" command is configured under voice-port

Workaround: Remove "supervisory disconnect anytone"

  • CSCuo36965

Symptom: crypto-register packet-count CLI does not work on ASR1001-X platform

Conditions: transmitted and received packets always shows the same value

Workaround: There is no workaround. none

  • CSCuo36977

Symptom: Traceback at cpp_mma_policy

Conditions: Flapping Flexvpn sessions with AVC service-policy applied via Radius

Workaround: There is no workaround.

  • CSCuo38818 After configuring this command under ephone for static member, it is observed that sporadically it doesn't provide tone while logging in/out while ephone actually logs in/out in ephone-hunt. Also sometimes, ephone provides tone but doesn't log in/out in ephone-hunt. <B>Symptom: The login/logout status for a particular DN is not in sync between Ephone hunt group and Voice hunt group. If ephone hunt group shows the status of the DN as logged in, voice hunt group shows as logged out, or vice versa. Thus, always the status on the phone is updated as "logged out of hunt group"

Conditions: Same DN should be part of ephone hunt group and voice hunt group. And under the ephone hunt group, members logout and/or auto-logout should be configured.

Workaround: Do not configure members logout and auto-logout, when same DN is associated with ephone hunt group and voice hunt group simultaneously. :

  • CSCuo40193

Symptom: traceback shows up

Conditions: reload

Workaround: There is no workaround.

  • CSCuo40596

Symptom: when ping xtr to pxtr, the pxtr response message is LSB disabled,the packet was seen on punt path

Conditions: There are no know conditions

Workaround: it's random,sometimes will be hit, sometimes is not.

  • CSCuo46913

Symptom: A crash is seen causing a system reload. The crash occurs in the Crypto IKMP process: Exception to IOS Thread: Frame pointer 0x3CEFFB58, PC = 0x164CC518 UNIX-EXT-SIGNAL: Segmentation fault(11), Process = Crypto IKMP

Conditions: This issue occurred after the following debug: debug cry condition peer subnet XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX The exact conditions are still being investigated.

Workaround: There is no workaround. known

  • CSCuo47484

Symptom: CPA event is enabled for non cpa dsp profile and transcoded calls.

Conditions: For basic Transcoded call, CPA event is send as enabled even for non CPA dsp profile configuration.

Workaround: There is no workaround.

  • CSCuo51043

Symptom: The dynamic L2L peer will successfully bring up, both phase-1 and phase-2 although the isakmp profile does not cater to this new peer.

Conditions: IOS L2L end-point catering to dynamic peers, with a dynamic crypto map, under which we have: a) an isakmp profile that does not match the isakmp identity of this new peer b) no crypto ACL [i.e. no 'match address' statement] Note: a crypto ACL can be configured under the dynamic map, that is either an exact or a super-set mirror image of the peer's crypto ACL, although this is not mandatory.

Workaround: There is no workaround..

note.gif

Noteblank.gif Note: The non-matching isakmp profile blocks the peer if the dynamic map has a 'match address' statement.


  • CSCuo51445

Symptom: The following are the issues identified with unicast and multicast rekey, re-transmission even trace 1. The order of rekey received and ack sent on the GM was out of order, with rekey ack event showing up first. 2. Ip address of source and destination showed up as 0.0.0.0 3. Seq number showed up as either 0 or very large number.

Conditions: Standard GETVPN deployment.

Workaround: There is no workaround.

  • CSCuo52113

Symptom: Redundant Gatekeeper setup and high CPU is experienced from time to time during the GUP un-registeration operation.

Conditions: Traceback= 0x9434BECz 0x942BEC0z 0x942BFE8z 0x942C03Cz 0x9457E08z 0x93FE7CCz 0x94022F0z 0x4DD7EACz 0x4DBDD18z

Workaround: There is no workaround.

  • CSCuo52384

Symptom: ROMMON get_mac_addr and IOSXE IDPROM access fail on booting standby RP2.

Conditions: External USB thumb drive used on RP2.

Workaround: Remove external USB thumb drive on RP2.

  • CSCuo53570

Symptom: timestamp is garbage when show performance monitor history

Conditions: timestamp is garbage when show performance monitor history

Workaround: There is no workaround.

  • CSCuo53594

Symptom: CUBE use early dialog Record-Route on ACK message.

Conditions: CUBE receive another Record-Route on 180 and 200

Workaround: There is no workaround.

  • CSCuo54224

Symptom: Path-confirmation check failed on CUBE in SRTP-RTP call

Conditions: Configure CUBE for SRTP-RTP call

Workaround: There is no workaround.

  • CSCuo54421

Symptom: DGT value displayed wrongly on FNF cache.

Conditions: The issue is seen intermittently on Overlord platform.

Workaround: There is no workaround.

  • CSCuo55610

Symptom: Incomplete kernel core file with filename ending in.TEMP_IN_PROGRESS.

Conditions: Active RP kernel core dump in dual RP2 systems.

Workaround: There is no workaround.

  • CSCuo56272

Symptom: fman fp crash @in cpp_nat_client_ctrl_cmd_send_a

Conditions: on reloading router with attached config

Workaround: There is no workaround.

  • CSCuo58017

Symptom: CUBE response both 481 and 200

Conditions: Receive PRACK with wrong Rack header

Workaround: There is no workaround.

  • CSCuo59747

Symptom: Unexpected CANCEL message sent from CUBE

Conditions: Enclosed Configs

Workaround: There is no workaround.

  • CSCuo61424

Symptom: Invalid cause code '0' sent in 503 response to INVITE received by CUBE

Conditions: Configure the CUBE for PCD buffer logging as per the enclosed configs

Workaround: There is no workaround.

  • CSCuo61533

Symptom: ESP crash at cpp ace delete

Conditions: 10K flexvpn sessions up with traffic and then RP switchover down

Workaround: There is no workaround.

  • CSCuo68028

Symptom: FP-Crashes@vc_show_alias_aom_cb

Conditions: while configuring encapsulation aal5mux ip in atm sub-interface

Workaround: There is no workaround.

  • CSCuo68525

Symptom: Incorrect RTP connections seen for calls from SCCP-Jabber Video Phone

Conditions: Day 1 issue

Workaround: There is no workaround.

  • CSCuo70773

Symptom: Confidence levels sent to ASR server from VXML gateway in the MRCPv2 messages are not the expected values. The values may appear to have had their leading zero after decimal place removed/trimmed.

Conditions: MRCPv2 Incoming confidence level in VXML document is less than 0.10

Workaround: Do not use a confidence level value smaller than 0.10 in VXML documents. Do not provide a confidence level that has a leading zero after the decimal point ex) 0.05

  • CSCuo75390

Symptom: Ucode crash occurs with UWS-WAN_XE311 profile.

Conditions: while verifying NAT64 with traffic on.

Workaround: There is no workaround.

  • CSCuo85606

Symptom: ESP80 may crash when tearing down PPP sessions on LNS at scale.

Conditions: Tearing down PPP sessions on LNS.

Workaround: There is no workaround.

  • CSCuo85705

Symptom: In a configuration where both Root and Sub have revocation check enabled, IOS PKI Client falls back to the older behavior of inheriting the Root trustpoint policy [while downloading CRL during cert validation] in the following situations: a) Both Root and Sub-CA CRLs are not yet downloaded b) Root CRL is available and Sub CRL is not yet downloaded

Conditions: IOS PKI Client configured with chain-validation: crypto pki trustpoint Root-CA vrf mgmt source-interface eth0/0 revocation-check crl crypto pki trustpoint Sub-CA vrf secure source-interface eth0/1 revocation-check crl chain-validation continue Root-CA

Workaround: There is no workaround.

  • CSCuo86608

Symptom: Slow configurations

Conditions: High cpp data path utilization

Workaround: There is no workaround.

  • CSCuo88991

Symptom: clid network-number not honored.

Conditions: Call flow:- PSTN T1PRI---- Cisco GW -- -T1PRI--PSTN Ver:- 151-4.M5 Details Cisco IOS GW receives incoming call through T1 PRI, IOS matches the incoming dial-peer completes digit manipulations. And matches the outbound dial-peer which is destined towards PSTN circuit. The outbound dial-peer is configured with clid network-number "XXXX'. Ideally Calling number should be changed based on clid network-number configuration, but it is not getting honored.

Workaround: Use translation profile instead of clid network-number.

  • CSCuo90859

Symptom: Build breakge on xe313_throttle

Conditions: ABS daily build on xe313_throttle

Workaround: There is no workaround.

  • CSCuo91733

Symptom: smp packets should not be via LAN interface when FIB updating

Conditions: smp packets should not be via LAN interface when FIB updating

Workaround: There is no workaround.

  • CSCuo92907

Symptom: Multiple registration requests are observed on GM

Conditions: Multiple registration requests are observed on GM when the ACL on the KeyServer is modified and rekey is issued

Workaround: There is no workaround.

  • CSCuo94228

Symptom: slow configurations

Conditions: High data path utilizations

Workaround: There is no workaround.

  • CSCup09950

Symptom: Traceback was seen in overlord platform during call termination

Conditions: voice calls

Workaround: There is no workaround.

  • CSCup11175

Symptom: A memory corruption crash on ASR.The crash is related to SIP Gateway.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup15661

Symptom: tunnel holddown timer value is not stored in running or startup config and is not preserved on reload

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup17566

Symptom: CPP crash caused by sessions renegotiating authentication and applying QOS

Conditions: Having many CPE renegotiating authentication

Workaround: There is no workaround.

  • CSCup18062

Symptom: Memory leak in MallocLite

Conditions: ASR running 03.07.05S

Workaround: There is no workaround. at this time

  • CSCup18295

Symptom: A router will crash with a segmentation fault in IOSD: UNIX-EXT-SIGNAL: Segmentation fault(11), Process = CCSIP_SPI_CONTROL

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup21070

Symptom: The ESP module in an ASR1000 series router may reload unexpectedly.

Conditions: This has been observed on an ASR1002 running 15.3(3)S2 (03.10.02.S)

Workaround: There is no workaround. at this time

  • CSCup27605

Symptom: SIP GW fails to send dtmf digits after NOTIFY msg

Conditions: SIP GW fails to send dtmf digits after NOTIFY msg while testing with failed image

Workaround: There is no workaround.

  • CSCup30453

Symptom: Large multicast packets are not reaching the receiver.

Conditions: Using IPv6 VFR with multicast

Workaround: There is no workaround.

  • CSCup38955

Symptom: master channel Operational state is not-available on USD

Conditions: basic cent topo

Workaround: There is no workaround.

Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S

This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S.

  • CSCum18091

Symptom: This is an enhancement request IOS IKEv2 VPN server in ikev2 cluster supports ipv4 address in the redirect payload. As per RFC 5685 section “9.2. REDIRECT”: “FQDN of the new VPN gateway” is a valid payload and should have an option to mention redirect-FQDN. If FQDN is not used then “Untrusted certificate warning” will appear even if gateway have valid trusted certificate installed.

Conditions: ** FQDN is used to connect to the VIP address of cluster ** Trusted valid wild card certificate installed on the gateway or subject alt name contain the FQDN equal to physical IP address of the gateway.

Workaround: Add in ipv4 addresses of all the gateways in the cluster in the SAN attribute of the certificate.

  • CSCun87816

Symptom: SAs are not synced after rekey failover test

Conditions: After issuing clear crypto sa standby, show crypto ipsec sa standby | include Status should show the status of both the active and standby router's

Workaround: There is no workaround.

  • CSCuo49933

Symptom: DMVPN tunnels down followed by traffic loss

Conditions: This condition is observed when setting scale configuration for DMVPN tunnels.

Workaround: There is no workaround.

  • CSCuo52011

Symptom: dynamic tunnels are not formed after clearing crypto session

Conditions: The issue observed during clearing of crypto session with Traffic running.

Workaround: There is no workaround.

  • CSCuo52097

Symptom: On the ASR1k router, with DMVPN setup ( hub ---- spoke), ipv4 traffic go through one DMVPN tunnel. ESP100 on hub router crashed every 2 hours.

Conditions: This symptom was observed with DMVPN setup ( hub ---- spoke), ipv4 traffic go through one DMVPN tunnel. ESP100 on hub router crashed every 2 hours.

Workaround: There is no workaround.

  • CSCuo58575

Symptom: Traceback NAT-3-HA_BULK_SYNC_FAIL seen doing redundancy switchover

Conditions: Traceback was observed while performing redundancy switchover and while changing NAT modes.

Workaround: There is no workaround.

  • CSCuo61448

Symptom: SIP-SIP DO-DO Transcoded Coded Video Call failing

Conditions: This symptom is observed in image versions are 15.4(2.11)T and 15.4(2.13)T

Workaround: There is no workaround.

  • CSCuo78046

Symptom: After chassis reload the standby RP was stuck in booting.

Conditions: RP in slot R1 is active and we reload the chassis

Workaround: Reload the router again.

  • CSCuo86893

Symptom: Some SIP flows get classified as unknown in NBAR for Linux.

Conditions: This is relevant for NBAR linux 3.13 and 3.14.

Workaround: There is no workaround.

  • CSCuo99846

Symptom: default interface error with virtual-reassembly max-fragments configuration like ip virtual-reassembly max-fragments 64 timeout 60

Conditions: This symptom is observed when no ip virtual-reassembly max-fragments 64 timeout 60 or default interface with ip virtual-reassembly max-fragments 64 timeout 60

Workaround: issue no ip virtual-reassembly instead of no ip virtual-reassembly max-fragments 64 timeout 60

  • CSCup01589

Symptom: Traceback cpp_cent_handle_rc_tc_modify might thrownout when reset border router with scale of traffic-classes like 120K.

Conditions: This symptom is observed when you reset border router quickly with scale of traffic-classes like 120K.

Workaround: Shut and then no shut BR with longer time interval like 5~10s.

  • CSCup01919

Symptom: cisco-phone maybe missclassifed by 1 packet to sip cisco-jabber-audio maybe missclassifed by 1 packet to unknown.

Conditions: This symptom may occur when there is cisco-jabber-audio or cisco-phone traffic in RP2-ESP160 platform.

  • CSCup05051

Symptom: Output of: show flow exporter option application table contains extra characters (spaces or ') in the output

Conditions: This symptom is observed when FNF record contains application name recognition field, parsing of the command output in an automated scripts might fail

Workaround: There is no workaround.

  • CSCup05490

Symptom: Crash with "debug voip fpi error" under load

Conditions: Enable "debug voip fpi error" and start the load at 10 cps - 100 sec call hold time. Cube, immediately starts crashing.

Workaround: There is no workaround.

  • CSCup05537

Symptom: 012859: May 28 18:15:44.567 IST: %CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_cp: cpp_cp encountered an error -

Traceback= 1#f2ee657dc6dde00068e3d7bf77d48834 errmsg:C249000 2230 cpp_common_os:C916000 C660 cpp_common_os:C916000 C460 cpp_common_os:C916000 19D9C cpp_dsp_svr_lib:F818000 6900 cpp_dsp_svr_lib:F818000 92E8 cpp_sbc_svr_lib:FC2B000 32890 cpp_sbc_svr_lib:FC2B000 388EC cpp_sbc_svr_lib:FC2B000 22434 cpp_common_os:C916000 115D4 cpp_common_os:C916000 11C0C evlib:C621000 E1FC evlib:C621000 105E4 cpp_common_os:C916000 1337C :10 Traceback observed with load with transcoded calls.

Conditions: Traceback observed with the following call flow:

Topology: CUCM ---> SIP ---> CUBE ---> CVP | --------> Media Sense Call flow: 1. CUCM Call CVP via cube. 2. VXML on CVP answers the call & negotiates g711ulaw (rtp-nte) - g711ulaw (inband) Now cube starts the leg with Media sense & forks both leg audio 3. Then CVP transfers the call using REFER back to CUBE 4. CUBE consumes the refer & sends the triggered INVITE to refer-to leg. Refer-To negotiates the g711-g729r8. Now cube starts the leg with Media sense & forks both leg audio

Workaround: There is no workaround.

  • CSCup06322

Symptom: Not all mka sessions brought up

Conditions: This symptom is observed after you reload the router

Workaround: There is no workaround.

  • CSCup14212

Symptom: IPv6 GETVPN data plane traffic dropped

Conditions: In GETVPN VRF-lite configuration, after un-confgured and then re-configure VRF definition.

Workaround: There is no workaround.

  • CSCup21021

Symptom: error overridden is not done.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup23606

Symptom: Testcases failed since incorrect number of call_legs are obtained.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup25298

Symptom: Crashes while changing PAP BPA settings.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup31575

Symptom: HTTPS POST request fails

Conditions: Back to back HTTPS POST request

Workaround: There is no workaround.

  • CSCup33329

Symptom: Crashes while changing PAP BPA settings.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup34474

Symptom: %GDOI-5-GM_FAILED_TO_INSTALL_POLICIES: messages are seen on GM while removing the crypto map from the interface(no crypto map) and configuring a new crypto map to the interface.

Conditions: %GDOI-5-GM_FAILED_TO_INSTALL_POLICIES: messages are seen on GM while removing the crypto map from the interface(no crypto map) and configuring a new crypto map to the interface.

Workaround: There is no workaround.

  • CSCup39458

Symptom: observing degradation for LISP feature with XE3.13 and latest mcp_dev image

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup41744

Symptom: The following message, that should appear if the key cannot be found in the IKEv2 keyring is not shown if a debug crypto condition is enabled. IKEv2:% Getting pre-shared key from profile keyring IKEv2_KEYRING IKEv2:% key not found. IKEv2:Failed to initiate sa

Conditions: Key cannot be found in the keyring debug crypto ikev2 enabled debug crypto condition enabled.

Workaround: There is no workaround.

  • CSCup49925

Symptom: The GM is not able to process the rekey from the KS when "crypto gdoi ks rekey" is issued on the KS. the syslog IPSEC-3-RECVD_PKT_NOT_IPSEC is generated on the GM.

Conditions: When no client bypass policy is configured and a local ACL is not configured on the GM, the GM is not expected to received the rekey from the KS.

Workaround: After GETVPN config change, if there is issue with rekey, issue "clear crypto gdoi". It will let group member re-register.

  • CSCup55373

Symptom: CSL Licenses are not presented with their correct status.

Conditions: This occurs following the enabling and disabling of Smart Licensing.

Workaround: If you reload the system in CSL mode, the problem is resolved.

  • CSCup57389

Symptom: traffic through the PPP sessions drops

Conditions: While testing VRF Lite coexistance with ServiceProvider NAT for LNS

Workaround: There is no workaround.

  • CSCup60370

Symptom: Crash with FTP traffic while B2B NAT redundancy switchover.

Conditions: There are no know conditions

Workaround: There is no workaround.

  • CSCup64883

Symptom: Crash observed on clearing fw sessions in B2B HA

Conditions: Stateful traffic flowing through the router

Workaround: Shutdown inside and outside interfaces

  • CSCup65311

Symptom: Unable to delete route-map NAT dynamic mapping in B2B HA even with no translations on the box

Conditions: There are no know conditions

Workaround: Use the 'no ip nat ___ force'

  • CSCup66865

Symptom: under full scale 2000 branches,with 32k channel each border router, and 160,000 traffic class; on hub MC BR some channel status fail to sync, on hub MC it is ?Operational state: Not-Available(Channel in Initial state)?, but on hub BR the channel is Channel RX state: reachable Channel TX state: reachable

Conditions: There are no know conditions

Workaround: shutdown/no shutdown hub BR to trigger the channel status update to MC

  • CSCup67018

Symptom: RTP Packet to DSP payload not seen

Conditions: RTP Packet to DSP payload not seen in dagger proto when making SIP call

Workaround: There is no workaround.

  • CSCup70155

Symptom: On an IOS FlexVPN hardware client that's also configured as a DHCP server, when it receives 2 DNS server entries through IKEv2 configuration attributes, it can only import the first DNS server entry passed down from the FlexVPN server into DHCP.

Conditions: This problem is seen when a FlexVPN client is configured to import all DHCP options.

Workaround: There is no workaround.

  • CSCup73495

Symptom: Traffic encrypt/decrypt fails with UWS-GETVPN profile

Conditions: while sending traffic and verifying Dataplane counters of a group.

Workaround: There is no workaround.

  • CSCup73645

Symptom: All the 4000 tunnels didnt come up on Initiator after rekey

Conditions: All the 4000 tunnels should nt come up on Initiator after rekey

Workaround: There is no workaround.

  • CSCup73986

Symptom: Installation of Reg/Rekey policies from KS for group & gm identity has failed

Conditions: policy should not installed from KS for group & gm identity

Workaround: There is no workaround.

  • CSCup76401

Symptom: When the “no crypto ikev2 proposal default” command is present in the startup-config, it is no present in the running-config after reload. On the console, the following error is generated at boot time: % Cannot remove as proposal is in use.

Conditions: “no crypto ikev2 proposal default” must be configured

Workaround: Re-enter the command after each boot.

  • CSCup78705

Symptom: With crypto enabled on tunnel interfaces which is used by KWAAS to reach WCM, the registration which is https requests fail. but with Crypto disabled the registration is successful.

Conditions: IWAN performance and as part of advanced profile we have following features enable WAAS, PFRv3, AVC, Crypto, DMVPN, QOS, NBAR. Installed CCO image of KWAAS with XE3.13 throttle image. KWAAS image - ISR-WAAS-5.3.5a.5.ova XE3.13 image -isr4400-universalk9.BLD_V154_3_S_XE313_THROTTLE_LATEST_20140626_070148-ext.SSA.bin

Workaround: Remove crypto and then enable cms and things work fine and you will be able to import SSL AO without any issues. Once the AO is installed/imported crypto can be reinstalled once again.

  • CSCup78877

Symptom: When the Group member (ASR) registers to the key server, after the installation policies syslogs, trace messages are seen.

Conditions: The group member and key server have GETVPN configurations.The group member registers to the key server

Workaround: There is no workaround.

  • CSCup80547

Symptom: When a GETVPN GM receives an ESP packet with an invalid SPI, it generates an erroneous syslog with the following format: "CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /x.y.z.w, src_addr= a.b.c.d, prot= 50"

Conditions: When a GETVPN GM receive an ESP packet with invalid SPI

Workaround: There is no workaround.

  • CSCup82655

Symptom: 1) No output is seen in the output “show performance monitor history interval all” after applying input ACL deny TCP rule on interface GigabitEthernet0/0/1 in UUT and sending the traffic from Pagent to UUT. 2) In TC_8 Current Cache entries not incremented to the value 10 in the output of Command “show performance monitor cache” after applying input ACL deny TCP rule on interface GigabitEthernet0/0/1 and sending traffic from Pagent to UUT. These behavior is observed on ASR1k Platform.

Conditions: 1) Configure static route and performance-monitoring in UUT. 2) Configure traffic stream on pagent with route-change drop option. 3) Configure ACL TCP deny rule on UUT. 4) Start sending traffic from pagent to UUT side. 5) check out the output of CLI “show performance monitor history interval all” and Counter packets value in each interval. The counter packets aggregated value must be 500. Unconfigure static route and performance-monitoring on UUT. Repeat the above steps for MMA traffic drop with flow aggregated and input ACL deny and check the output of “show performance monitor cache”. The current cache entries should reach the expected value 10 after 8 polls.

Workaround: There is no workaround.

  • CSCup84620

Symptom: "show isakmp stats" should show counters for "ISAKMP cannot process that SA." "IKE message from x.x.x.x has no SA and is not an initialization offer?

Conditions: There are no know conditions.

Workaround: There is no workaround.

  • CSCup86008

Symptom: Parsing error in custom notify payload

Conditions: peer should send custom notify with empty SPI and data

Workaround: There is no workaround.

  • CSCup87747

Symptom: The 'Period Used' timer value is not consistent after several SSO switchover.

Conditions: An HA/SSO environment, along with enabled Suite licenses are needed.

Workaround: Do not perform any SSO switchover.

  • CSCup90021

Symptom: - IOS sending multiple periodic DPDs at once for the same IKE session - peer responding to DPDs one by one resulting in IOS throwing below message due to received response not related to most recent DPD Jul 15 13:52:35.432: ISAKMP:(1001):R-U-THERE-ACK sequence number 0x7AA2567 does not correspond to expected value 0x7AA2568

Conditions: - on-demand DPDs configured (no matter if on-demand or periodic) - multiple IPsec SAs - loss of decrypts on those multiple SAs at the same time

Workaround: - disable DPDs

  • CSCup91659

Symptom: Configure IPv6 address on the BDI interface.

Conditions: Support IPv6 Forwarding and existing IP protocols.

Workaround: There is no workaround.

  • CSCuq02180

Symptom: Crash is seen after the call starts

Conditions: the stcapp summary is seen for the voice port.

Workaround: There is no workaround.

  • CSCuq05961

Symptom: the total rate (offered rate - drop rate) in "show policy-map interface" does not match with the total out rate in "show interface". It seems like the drop rate in the grandparent class and parent class is different of show policy-map interface randomly.(child class is fine) But it does match with the result of IXIA real-time traffic rate with show interface.

Conditions: Environment Generate rate: 6.5Mbps from Gi0/0/1.70(connect to IXIA port 7) to Gi0/0/0.1990 ( connect to IXIA port 8). Packet size: 1340Byte Drop rate: 1.5Mbps in the class-map class-default.

Workaround: Release 15.4(2)S works fine.