Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco ASR 1000 Series Aggregation Services Routers Release Notes, Cisco IOS XE Release 3S February 10, 2017 Text Part Number: OL-26698-25
1251
Embed
Cisco ASR 1000 Series Aggregation Services Routers Release Notes
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Cisco ASR 1000 Series Aggregation Services Routers Release Notes, Cisco IOS XE Release 3SFebruary 10, 2017
Cisco Systems, Inc.www.cisco.com
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
Multiple FlexVPN Spokes Behind a Single NAT Device 7-87
mVPNv6-mLDP over GREv4 7-88
NBAR2 Custom Protocol Enhancements Phase II 7-88
NBAR2 Integrated Protocol Pack 7.1.0 7-88
NBAR2 Protocol Pack Hitless Upgrade 7-88
NBAR L3 Custom Protocol Support 7-88
Object Groups for ACLs 7-88
OnePK Support 7-89
Open Plug-N-Play Agent 7-89
Packet Classification Using Frame-Relay DLCI Number 7-89
PBR Recursive Next Hop for IPv6 7-89
Per-Interface QoS for PPPoE Punt Traffics 7-89
Persistent CPU Index After ESP/RP Reboot 7-89
QoS on GEC PortChannel on ASR 1K 7-89
RFC430x IPSec Support Phase-1 7-90
Simplified Line Side Support for CUCM on CUBE 7-90
SIP Profiles for Inbound Messages 7-90
SPA-1xCHSTM1/OC3 7-90
Support AAC-LD MP4-LATM CODEC Support on CUBE for Interworking with Media Sense for Forked Calls 7-90
Support of AES-GCM as an IKEv2 Cipher on IOS 7-90
TrustSec Phase4 7-90
Tunnel Mode Auto Selection 7-91
TWAMP RFC compliance 7-91
V.150.1 MER Support in SDP Passthru Mode 7-91
VPLS BGP Signaling L2VPN Inter-AS Option B 7-91
Important Notes 7-91
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature 7-91
Deferrals 7-92
Field Notices and Bulletins 7-92
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S 7-92
7-92
xii OL-26698-25
Contents
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S 8-93
New and Changed Information 8-93
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S 8-94
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S 8-94
1 port OC-48 POS/RPR SPA with SFP Optics 8-94
BGP - EVPN / PBB_EVPN route-reflection 8-94
BGP - RTC for legacy PE 8-94
BGP GSHUT enhancement 8-94
BGP Monitoring Protocol 8-94
CAC for IP sessions Enhancements 8-95
Cisco 8-Port Channelized T1/E1 Shared Port Adapter (SPA-8XCHT1/E1-V2) 8-95
Configurable number of simultaneous packet per ZBFW session 8-95
CUBE HA Enhancements:Stateful Switch Over (SSO) for SIP Signaling over TCP/TLS connection, HA Protected State to simplify Active reboot, including SYSLOG msg,HA Box to Box Redundancy for ASR1006 8-95
CUBE-SP: Blended transcoding and long user info 8-95
Dial peer simplification 8-95
Disjoint LISP RLOC Domains Support 8-96
Dual Stack support for Mobile IP users - GTP 8-96
Dual Stack support for Simple IP 8-96
EIGRP Classic to Named mode Conversion 8-96
Enable Automatic configuration of Flow Metadata in the reverse direction 8-96
Enable bi-directional SXP support 8-96
Enabling ALGs and AICs in Zone-Based Policy Firewalls 8-97
FlexVPN IPv6 Direct Spoke to Spoke 8-97
Flow Based Redirect 8-97
Flow-Aware Transport of MPLS Pseudowires 8-97
FNF: Prevent Export Storms 8-97
FRR and VLAN Unlimited for 40G Native Ethernet Line card on ASR1000 8-97
GETVPN IKEv1 Separation 8-97
HA Protected State to simplify Active reboot,including SYSLOG msg,HA Box to Box Redundancy for ASR1006 8-98
IOS IKEv2 support for AutoReconnect feature of AnyConnect 8-98
IOS VRF Multicast Multi-Topology Support 8-98
IP Tunnel - GRE Key Entropy Support 8-98
IPV4 ACL Chaining Support 8-98
IPv6 ACL Chaining with common ACL 8-98
IPv6 IPSec QoS (LLQ and QoS Pre-Classify) 8-99
xiiiOL-26698-25
Contents
ISDN Phase 2 (for LAC) on E1 8-99
ISG accounting accuracy (~ 1 sec accuracy at session and TC level) 8-99
ISG / iWAG Templating Based Policy / Feature Provisioning 8-99
ISIS - Remote LFA FRR 8-99
ISIS local microloop protection 8-99
L2TPv3 - Layer-2 Tunneling Protocol Version 3 8-100
Label Switched Multicast (LSM) Multicast Label Distribution Protocol (mLDP) based Multicast VPN (mVPN) support 8-100
LISP ESM Multihop mobility 8-100
MMOH suport on ASR 8-100
MPLS VPN over mGRE 8-100
MTR in VRF 8-100
Multi-Topology BGP with VRF enhancement 8-100
Multicast MT mode in VRF 8-101
NBAR2: Add/rename static attributes 8-101
NBAR2: GETVPN (Crypto-Map) Support 8-101
NBAR2 Integrated Protocol Pack 6.0.0 8-101
NBAR2: Integrate NBAR Taxonomy into the router 8-101
Observation Point ID - distinguish metrics from different interfaces 8-101
SIP Signaling Enhancements: URI based dialing, Pass-through of Unsupported and non-Mandatory Headers, CUBE Graceful Shutdown mode, Configurable SIP Error codes, SHA1_80 support in SRTP 8-104
SP Wifi: Integrated Ethernet over GRE support 8-104
Support for adjustable statistics poll interval for SPA-8xCHT1E1 8-105
TCP MSS Adjust 8-105
xiv OL-26698-25
Contents
VRF aware BGP translate-update 8-105
Weighted Fair Queueing, High Priority Policer and Configurable threshold for Pause Framesfeature for 40G Native Ethernet Line card on ASR1000 8-105
WSMA Enhancements for wireless management 8-105
Important Notes 8-105
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature 8-105
Deferrals 8-106
Field Notices and Bulletins 8-106
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S 8-106
8-106
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S 9-107
New and Changed Information 9-107
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S 9-108
WCCP with generic GRE Support 9-108
Dropping TCP Packets During Router Reboot Process in AppNav Controller Group Scenario 9-108
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S 9-108
Cisco ASR 1000 Series Fixed Ethernet Line Card 9-108
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S 9-108
1-port OC-192c/STM-64 POS/RPR Shared Port Adapter, XFP Optics 9-109
ISDN/Dialer Access-Link Support for Broadband Aggregation 11-141
ISIS No Hello Padding Always 11-141
ISSU—E-LMI Support 11-142
L2VPN VPLS Inter-AS, Option B 11-142
Label Switched Multicast (LSM) Multicast Label Distribution Protocol (mLDP) based Multicast VPN (mVPN) Support 11-142
LISP Delegate Database Tree (DDT) 11-142
LISP Host Mobility Across Subnet 11-142
xx OL-26698-25
Contents
LISP-SEC, LISP Control Plane Security 11-142
Mapping of Address and Port Using Translation (MAP-T) 11-142
MGRE Tunnel Support over IPv6 11-143
MLDP-Based MVPN 11-143
MLDP In-Band Signaling / Transit Mode 11-143
MPLS Virtual Private Networks 11-143
MVPNv6 Extranet 11-143
NETCONF XML PI 11-143
Network-Based Recording Using Cisco UBE 11-143
NSF/SSO—E-LMI Support 11-143
OSPFv3 ABR Type 3 LSA Filtering 11-144
Per PW Layer 2 Service Policy in VFI 11-144
Per PW QOS in VFI 11-144
PfR Bandwidth Visibility Distribution for xDSL Access 11-144
PfR Scaling Improvement for Application Traffic Class (TC) 11-144
PPPoGEC—Per Session QoS [Include Model F Support] 11-144
Prefix Suppression Support for OSPFv3 11-144
SIP ALG Hardening for NAT and Firewall 11-145
Suite-B Support in IOS SW Crypto 11-145
Support for Algorithms in the Suite B Specification for IPSec by the On-Board Crypto Engine in Cisco ASR 1000 Series Aggregation Services Routers 11-145
Support for Negotiation of an Audio Codec from a List of Codecs on Each Leg of a SIP-SIP Call on the Cisco Unified Border Element 11-145
TCP - Configurable Keepalive Timer 11-145
TCP Reset Segment Control 11-146
Unicast Reverse Path Forwarding Loose Mode 11-146
VPLS BGP Signaling 11-146
VPLS MAC Limit Enhancement 11-146
VRRPv3 Protocol Support 11-146
WebEx SPA 11-146
Y.1731 Performance Monitoring 11-146
Important Notes 11-147
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature 11-147
Deferrals 11-147
Field Notices and Bulletins 11-147
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S 11-147
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S 12-149
New and Changed Information 12-149
xxiOL-26698-25
Contents
New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S 12-149
Cisco ASR 1002-X Router 12-150
Cisco ASR 1000 Embedded Services Processor 100-Gbps 12-150
SPA-4XOC3-POS-V2 support on ASR-1000 12-150
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S 12-150
ALG—H.323 vTCP with High Availability Support for Firewall and NAT 12-150
ASR1000 IPSec Debuggability Enhancement - Phase I 12-151
BGP—Attribute Filter and Enhance Attribute Error Handling 12-151
E-OAM : Multiple Port MAs Under Single MD 12-151
BGP Support for the L2VPN Address Family 12-151
CUBE(SP): H.248 BAC Support 12-151
CUBE(SP): IMS: Support for RF Interface (charging) 12-151
Flexible NetFlow: IPFIX Export Format 12-151
Flexible NetFlow: Export to an IPv6 Address 12-151
FTP66 ALG support for IPv6 Firewall 12-152
GRE IPv6 Tunnels 12-152
IP SLA QFP Time Stamping 12-152
IPv6 Firewall Support for Prevention of DDoS Attacks and Resource Management 12-152
IPv6 Zone-Based Firewall Support Over VASI Interfaces 12-152
Lawful Intercept License Monitoring Support 12-152
NBAR Classification Enhancements for IOS-XE3.7 12-152
NBAR Multi-stage classification 12-152
Performance Routing (PfR) with NBAR/CCE Application Recognition 12-153
Stateful NAT64—Interchassis Redundancy 12-153
Suite-B Support in IOS SW Crypto 12-153
Unicast Reverse Path Forwarding ACL Support 12-153
Universal SIP40 support for ASR1K 12-153
VPLS Autodiscovery, BGP-based 12-153
Walk-By User Support for PWLAN 12-153
GGSN Pooling Support for Firewalls 12-154
IPv6 Over DMVPN 12-154
IPv6 Remote Access for IPSec VPN 12-154
Bandwidth Based Call Admission Control (CAC) 12-154
Dynamic REFER Handling on CUBE 12-154
External: Support for Inclusion of Authorization Header in the Initial REGISTER Request 12-154
Multiple Destination Pattern Support on Voice Dialpeer 12-154
Supplementary Services Support on CUBE for RTP-SRTP calls 12-154
xxii OL-26698-25
Contents
Support for Populating Route Header Based on Proxy Server IP Address and Port, and Service-route Header Present in the REGISTER Response 12-155
Support for SIP Registration Proxy on CUBE 12-155
E-OAM : Multiple Port MAs Under Single MD 12-155
EIGRP IPv6 MIBs 12-155
Embedded Packet Capture (EPC) 12-155
Flexible NetFlow: Extracted Fields Support 12-155
IPSLA 4.0 - IP v6 phase2 12-155
ISIS client for BFD c-bit support 12-156
MVPNv6 12-156
OSPFv3 RFC 3101 Support 12-156
OSPFv3 MIB 12-156
Perf-mon V3 12-156
FRF.12 Support on MFR Interfaces 12-156
PfR Syslog and Trap enhancement 12-156
PPPoGEC: Per Session QoS 12-156
PWLAN ISG: Walking-by Sessions Scale Support 12-157
Y.1731/CFM Test TLV support 12-157
BGP - Add Path 12-157
BGP VPLS Auto Discovery Support on Route Reflector 12-157
BGP - mVPN SAFI-129 IPv6 12-157
BGP - mVPN BGP sAFI 129 IPv4 12-157
BGP - multicast VPN auto-discovery and customer-multicast routing 12-157
ISIS BFD TLV 12-158
Important Notes 12-158
End of Sale and End of Life of Cisco Traditional NetFlow 12-158
Deferrals 12-158
Field Notices and Bulletins 12-159
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.0S 12-159
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.6S 13-161
New and Changed Information 13-161
New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.2S 13-162
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.2S 13-162
New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.1S 13-162
xxiiiOL-26698-25
Contents
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.1S 13-162
New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.0S 13-162
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.0S 13-162
ACL syslog Correlation 13-163
Add Policy and Engineering Capabilities to PETR Usage 13-163
ALG: H.323 v6 Support 13-163
Audio and Video SPA Supports High-Definition (HD) Video 13-163
IPsec Feature License for Monitoring and Reporting 13-163
BFD - BFD Hardware Offload Support 13-163
BFD C Bit Support - RFC5882 13-163
BFD Support for EIGRP IPv6 13-164
BFD: BGP Multihop Client Support and C Bit (IPv4/IPv6) 13-164
BGP - iBGP NSR 13-164
BGP - mVPN BGP sAFI 129 - IPv4 13-164
BGP NSR - Autosense 13-164
BGP: Graceful Shutdown (GSHUT) 13-164
Carrier Grade Network Address Translation 13-164
CEM Support for SPA-2CHT3-CE-ATM 13-164
Cisco Unified Border Element (SP Edition): Common IP Address Media Bypass 13-165
Cisco Unified Border Element (SP Edition): Via Header Passthrough 13-165
Class Default Shaper on Physical Interface in Combination with Service Policy Applied to dMVPN Tunnel 13-165
CSL CallHome for the Cisco ASR 1001 Router 13-165
EIGRP IPv6 NSF/GR 13-165
EIGRP Route Tag Enhancements 13-165
Enhanced Route Tags 13-165
Ethernet Operations, Administration, and Maintenance (OAM) 13-165
GEC VPWS Support 13-166
Group Encrypted Transport VPN Key Server 13-166
IOS ACL Support for Filtering IP Options 13-166
IP SLAs TWAMP Responder v1.0 13-166
IP Tunnel - SSO c7600 13-166
IPv6 ACL Extensions for Hop by Hop Filtering 13-166
IPv6 VRF-Aware PBR Next-Hop Enhancement 13-166
ISG Downstream Enhancements—Passthrough and Idle-Timer 13-166
IS-IS IPv6 Administrative Tag 13-166
IS-IS IPv6 Advertise Passive Only 13-167
xxiv OL-26698-25
Contents
L2VPN Interworking: Frame Relay to ATM (Bridged Mode) 13-167
LISP Virtualization Support for Multiple Parallel RLOC Domains 13-167
MediaTrace 2.0 13-167
MPLS TE - TE Display Debug Info for PCALC Error Show Command 13-167
MPLS Traffic Engineering - AutoTunnel Mesh Groups 13-167
SSO Support for MPLS-TE Autotunnel-Automesh Feature 13-169
Support Multiple xTRs with Dynamic RLOCs at a Site 13-169
USB eToken 64 KB Smartcard Support 13-169
Zone-Based Policy Firewall IPv6 Support 13-169
Important Notes 13-169
Deferrals 13-169
Field Notices and Bulletins 13-170
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.0S 13-170
Information about Caveats 14-173
Using the Cisco Bug Search Tool 14-173
Open and Resolved Bugs 14-174
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S 15-177
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.3S 15-177
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.3S 15-177
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S 15-178
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S 15-178
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S 15-180
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.1S 15-181
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.1aS 15-181
xxvOL-26698-25
Contents
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.1S 15-181
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.1S 15-182
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S 15-183
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S 15-183
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S 15-185
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S 16-187
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.5S 16-187
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.5S 16-187
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.5S 16-194
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4bS 16-198
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4bS 16-198
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS 16-199
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS 16-199
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS 16-207
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S 16-211
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S 16-211
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S 16-218
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S 16-222
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2bS 16-223
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S 16-223
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S 16-223
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS 16-225
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS 16-225
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS 16-225
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S 16-226
xxvi OL-26698-25
Contents
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S 16-227
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S 17-229
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.3S 17-229
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.3S 17-229
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.3S 17-234
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.2S 17-235
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.2S 17-236
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.2S 17-238
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.1S 17-238
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.1S 17-239
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.1S 17-241
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S 17-242
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S 17-242
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S 17-249
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S 18-251
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.3S 18-251
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.3S 18-251
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.3S 18-252
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.2S 18-255
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.2S 18-255
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.2S 18-256
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.1S 18-256
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.1S 18-256
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.1S 18-257
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S 18-258
xxviiOL-26698-25
Contents
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S 18-258
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S 18-262
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S 19-267
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7aS 19-267
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7aS 19-267
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S 19-268
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S 19-268
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S 19-269
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6bS 19-270
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6bS 19-271
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S 19-271
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S 19-271
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S 19-272
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S 19-272
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5aS 19-273
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S 19-273
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S 19-274
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S 19-275
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S 19-275
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S 19-277
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S 19-277
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S 19-277
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S 19-278
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S 19-279
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S 19-279
xxviii OL-26698-25
Contents
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S 19-281
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S 19-282
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S 19-282
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S 19-284
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S 19-284
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S 19-284
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S 19-324
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S 20-333
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.4S 20-333
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.4S 20-333
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.3S 20-333
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.3S 20-334
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S 20-335
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S 20-335
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S 20-337
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S 20-337
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S 20-338
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S 20-347
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS 20-351
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS 20-351
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S 20-353
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S 20-353
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S 20-361
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S 21-365
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.3S 21-366
xxixOL-26698-25
Contents
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.3S 21-366
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.3S 21-367
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S 21-367
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S 21-367
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S 21-391
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S 21-416
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S 21-416
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S 21-417
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S 21-417
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S 21-444
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S 21-478
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S 21-478
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S 21-541
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S 22-547
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.9S 22-547
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.9S 22-547
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.8S 22-548
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.8S 22-548
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.8S 22-548
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.7S 22-548
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.7S 22-549
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.7S 22-550
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.6S 22-551
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.6S 22-551
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.6S 22-554
xxx OL-26698-25
Contents
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.5S 22-555
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.5S 22-556
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.5S 22-557
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.4S 22-558
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.4S 22-558
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.4S 22-578
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.3S 22-582
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.3S 22-582
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.3S 22-612
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S 22-617
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S 22-618
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S 22-648
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.1S 22-649
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.1S 22-650
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.1S 22-689
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S 22-696
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S 22-696
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S 22-731
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9S 23-743
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.2S 23-743
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.2S 23-743
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.2S 23-748
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.1S 23-766
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.1S 23-766
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.1S 23-776
xxxiOL-26698-25
Contents
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.0S 23-797
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.0S 23-797
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.0S 23-803
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S 24-867
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8.2S 24-867
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.8.2S 24-867
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.8.2S 24-873
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8.1S 24-891
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.8.1S 24-891
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.8.1S 24-895
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S 24-914
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S 24-914
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S 24-915
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S 25-1021
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.7S 25-1021
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.7S 25-1021
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.6S 25-1022
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.6S 25-1022
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.5S 25-1029
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.5S 25-1030
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.5S 25-1042
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.4aS 25-1065
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.4aS 25-1066
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.4S 25-1066
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.4S 25-1066
xxxii OL-26698-25
Contents
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.4S 25-1069
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S 25-1102
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S 25-1102
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.3S 25-1104
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T 25-1120
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2T 25-1120
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S 25-1121
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S 25-1121
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.2S 25-1124
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S 25-1134
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S 25-1134
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1S 25-1144
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S 25-1175
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S 25-1175
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S 25-1186
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6S 26-1188
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6S 26-1188
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.1S 26-1189
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.1S 26-1190
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.6S 26-1195
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.2S 26-1203
MIBs Used in Cisco ASR 1000 Series Aggregation Services Routers 27-1208
MIBs for Cisco ASR 1000 Series Aggregation Services Routers 27-1208
Related Documentation for Cisco ASR 1000 Series Aggregation Services Routers 1-1214
Cisco ASR 1000 Series Aggregation Services Routers Documents 1-1214
xxxiiiOL-26698-25
Contents
Error Message Documentation for Cisco ASR 1000 Series Aggregation Services Routers 1-1215
Obtaining Documentation and Submitting a Service Request 1-1215
xxxiv OL-26698-25
Cisco ASR 1000 Series Aggregation Services Routers Release Notes
For release notes information about the Cisco ASR 1000 Series Aggregation Services Routers releases prior to Release 3.6.0S, see Cisco IOS XE 3S Release Notes.
Note Cisco ASR 1001 Routers support the Cisco IOS XE Release 3.10aS image.
About Cisco ASR 1000 Series Aggregation Services Routers
Cisco ASR 1000 Series Aggregation Services Routers are Cisco routers deployed as managed service provide routers, enterprise edge routers, and service provider edge routers. These routers use an innovative and powerful hardware processor technology known as the Cisco QuantumFlow Processor.
Cisco ASR 1000 Series Aggregation Services Routers run the Cisco IOS XE software and introduce a distributed software architecture that moves many operating system responsibilities out of the IOS process. In this architecture, Cisco IOS, which was previously responsible for almost all of the internal software processes, now runs as one of many Cisco IOS XE processes while allowing other Cisco IOS XE processes to share responsibility for running the router.
Cisco ASR 1000 Series Aggregation Services Routers Release 3.8.0S have several new software features. For details on the new Cisco ASR 1002-X Router, Cisco ASR 1000 Series Aggregation Services Routers 100-Gbps Embedded Services Processor, and the new features, see the New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S, page 136.
New hardware support and several new software features were introduced as part of the Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.1. For details on the new Cisco ASR 1002-X Router, Cisco ASR 1000 Series Aggregation Services Routers 100-Gbps Embedded Services Processor, and the new features, see the New and Changed Information, page 149.
The Cisco ASR 1000 Series Aggregation Services Routers consists of the following routers:
• The Cisco ASR 1001 Router is a small form factor router targeted at high-end branch offices needing integrated services, including voice and security with high-speed connectivity (2.5 Gbps w/optional SW license for 5 Gbps). It is designed with integrated Cisco ASR1000-RP, Cisco ASR1000-SIP, and Cisco ASR1000-ESP, with Nitrox complex providing hardware based encryption and decryption. Input/output options include half-height SPA, 4x1GE built-in ports, and factory-installed integrated daughtercard (IDC) with different options.
• The Cisco ASR 1002 Router is a 3-SPA, 2-rack-unit (RU) chassis with integrated Route Processor (RP), Cisco ASR 1000 Series Aggregation Services Routers Shared Port Adapter Interface Processor (SIP), and four Gigabit Ethernet ports built in.
• The Cisco ASR 1002-F Router supports the same features and components as the Cisco ASR 1002 Router and supports 2.5 Gbps bandwidth limit with a single half height SPA. In addition, the Cisco ASR 1002-F Router has an integrated 4x1GE built-in ports and 2.5 GB of fixed system bandwidth.
• The Cisco ASR 1002-X Router is a 3-SPA, 2-RU chassis. The embedded services processor and route processor are integrated into the chassis. There are 6 small form factor pluggable (SFP) Gigabit Ethernet ports. The router provides a forwarding bandwidth of up to 36 Gbps.
• The Cisco ASR 1004 Router is an 8-SPA, 4-RU chassis with one ESP slot, one RP slot, and two SIP slots.
• The Cisco ASR 1006 Router is a 12-SPA, 6-RU, hardware-redundant chassis with two ESP slots, two RP slots, and three SIP slots. The platform offers RP and ESP hardware redundancy, Cisco Nonstop Forwarding (NSF), In-Service Software Upgrade (ISSU), and future RP hardware upgrades.
• The Cisco ASR 1013 Router is a 24-SPA, 13-RU, hardware-redundant chassis with two ESP slots, two RP slots, and six SIP slots. The platform offers full RP hardware redundancy, Cisco Nonstop Forwarding (NSF), In-Service Software Upgrade (ISSU), and future RP hardware upgrades and services upgrades.
For the single-RP Cisco ASR 1000 Router platforms, Cisco ASR 1001, Cisco ASR 1002, Cisco ASR 1002-F, Cisco ASR 1002-X and Cisco ASR 1004, the RP has a dual Cisco IOS software option that allows these routers to use Cisco IOS software redundancy, Cisco high-availability features, and Nonstop Forwarding (NSF). Single-route-processor Cisco ASR 1000 platforms do not support ISSU upgrade or downgrade. Instead sub-package software upgrade is supported only if the router is running in sub-package mode.
The Cisco ASR 1006 Router supports fully redundant RPs that allow for full RP hardware redundancy, NSF, ISSU, and future RP service upgrades.
The Cisco ASR 1013 Router extends the Cisco ASR 1000 Series Routers to a chassis that can hold six SIPs and provides superslots (more height and power) for the route processors and embedded services processors.
Note Software redundancy is not supported on the Cisco ASR 1006 Router and the Cisco ASR 1013 Router.
Cisco IOS XE 3S Releases and Cisco IOS Release Number Mapping
The Cisco ASR 1000 Series Aggregation Services Routers releases correspond to the Cisco IOS XE releases. For example, Cisco IOS XE Release 3.7.0 is the software release for Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.0.
2Cisco ASR 1000 Series Aggregation Services Routers Release Notes
OL-26698-25
Table 1 lists the mappings between the Cisco IOS XE 3S releases and their associated Cisco IOS releases.
Table 1 Cisco IOS XE 3S–to–Cisco IOS Release Number Mapping
Cisco IOS XE 3S Release Cisco IOS Release
3.1.0S 15.0(1)S
3.1.1S 15.0(1)S1
3.1.2S 15.0(1)S2
3.1.3S 15.0(1)S3
3.1.4S 15.0(1)S4
3.1.4aS 15.0(1)S4a
3.2.0S 15.1(1)S
3.2.1S 15.1(1)S1
3.2.2S 15.1(1)S2
3.3.0S 15.1(2)S
3.3.1S 15.1(2)S1
3.3.2S 15.1(2)S2
3.4.0S 15.1(3)S
3.4.0aS 15.1(3)S0a
3.4.1S 15.1(3)S1
3.4.2S 15.1(3)S2
3.4.3S 15.1(3)S3
3.4.4S 15.1(3)S4
3.5.0S 15.2(1)S
3.5.1S 15.2(1)S1
3.5.2S 15.2(1)S2
3.6.0S 15.2(2)S
3.6.1S 15.2(2)S1
3.6.2S 15.2(2)S2
3.7.0S 15.2(4)S
3.7.1S 15.2(4)S1
3.7.2S 15.2(4)S2
3.7.3S 15.2(4)S3
3.7.4S 15.2(4)S4
3.7.5S 15.2(4)S5
3.7.6S 15.2(4)S6
3.8.0S 15.3(1)S
3.8.1S 15.3(1)S1
3.8.2S 15.3(1)S2
3Cisco ASR 1000 Series Aggregation Services Routers Release Notes
4Cisco ASR 1000 Series Aggregation Services Routers Release Notes
OL-26698-25
Transition from Cisco IOS XE Release 2.6 to Cisco IOS XE Release 3.1S
In July 2010, the Cisco IOS XE software moved from Cisco IOS XE Release 2.6 to Cisco IOS XE Release 3.1S to introduce new hardware (Cisco ASR1000-ESP40, Cisco ASR1000-SIP40, and Cisco ASR 1013 Router) and an enhanced Cisco IOS Release 15.0(1)S software that runs on improved componentized code for Cisco IOS features.
One of the key features of the Cisco IOS XE 3.1S software was support for dual Cisco IOS software consolidated packages in a single RP for software redundancy in the 2-RU and 4-RU chassis systems (The dual IOS support was extended to ASR1001). The dual Cisco IOS consolidated packages can consist of the same software consolidated packages for backup or different software consolidated packages for resilient upgrade.
The Cisco IOS XE release numbering scheme was modified by adding the suffix S to the release number to denote the release branch that differentiate the different products using the Cisco IOS XE release.
The underlying Cisco IOS software numbering scheme for the Cisco ASR 1000 Series Routers changed from 12.2(33)XNx to 15.0(1)S. This change was aimed at simpler numbering for new feature releases (the number in parenthesis) and rebuilds.
Cisco IOS Release 15S aggregates feature inheritance from Cisco IOS Release 12.2SR.The 15.x(x)Sx releases will continue to be time-based and time-synchronized with the Cisco IOS XE releases.
The Cisco IOS XE 3S releases inherit all the Cisco IOS XE Release 2 features that were released prior to the introduction of Cisco IOS XE Release 3.1.0S, with a few exceptions. For information about inherited features, see Release Notes for Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Release 2.
6Cisco ASR 1000 Series Aggregation Services Routers Release Notes
OL-26698-25
System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
The following sections describe the system requirements for Cisco ASR 1000 Series Aggregation Services Routers:
• Software Packaging, page 7
• Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU, page 10
• Hardware Supported, page 16
• ROMmon Release Requirements, page 16
• Determining the Release Number of the Installed Software, page 21
• Upgrading to a New Software Release, page 28
Software PackagingCisco ASR 1000 Series Aggregation Services Routers run Cisco IOS XE 3S and use a software packaging model that consists of the following components:
• Consolidated packages
• Individual software subpackages within a consolidated package
• Optional software subpackages outside the consolidated packages
Each consolidated package contains a collection of individual software subpackages. Each individual software subpackage is an individual software file that controls a different element or elements of the router. Some individual subpackages may be installed per element, for example, per SPA.
Note The subpackage functionality is intended for both upgrade and field support. However, not all combinations of subpackages are supported.
Each individual software subpackage can be upgraded individually, or all individual software subpackages for a specific Cisco IOS XE 3S consolidated package can be upgraded as part of a complete Cisco IOS XE 3S consolidated package upgrade.
Cisco Systems, Inc.www.cisco.com
Software Packaging
Importantly, IOS (the RPIOS individual software subpackage) is considered one of the individual software subpackages that makes up the complete Cisco IOS XE 3S consolidated package.
The following are the individual software subpackages within a consolidated package:
• Route Processor
– RPBase: Provides the RP operating system.
– RPControl: Provides the control plane processes that interface between Cisco IOS software and the rest of the platform.
– RPIOS: Provides the Cisco IOS software kernel, which is where Cisco IOS software features are stored and run. Each consolidated image variant has a different RPIOS subpackage: RPIOS-ipbase, RPIOS-ipbasek9, RPIOS-advipservices, RPIOS-advipservicesk9, RPIOS-adventservices, and RPIOS-adventservicesk9.
Note The RPIOS-advipservices and RPIOS-adventservices subpackages are available from Cisco IOS XE Release 2.2.1 onward. These two subpackages are not available with Cisco IOS XE Release 2.1.2 and earlier releases.
– RPAccess: Provides components to manage enhanced router access functionality.
• ESP
– ESPBase: Provides the ESP operating system and control processes, and the Cisco QuantumFlow Processor client, driver, and ucode.
• SIP
– SIPBase: Provides the SIP operating system and control processes
– SIPSPA: Provides the SPA drivers and the associated field-programmable device (FPD) images (SPA FPGA images)
A Cisco IOS XE 3S consolidated package allows users to upgrade all the individual software subpackages on a router with a single Cisco IOS XE 3S image download. The Cisco IOS XE 3S consolidated packages that are available vary based on the RP (RP1 or RP2) installed in the system and the Cisco IOS XE 3S release.
The following are the RP1 consolidated packages:
• Cisco ASR 1000 Series Aggregation Services Routers RP1 IP BASE W/O CRYPTO
• Cisco ASR 1000 Series Aggregation Services Routers RP1 IP BASE
• Cisco ASR 1000 Series Aggregation Services Routers RP1 ADVANCED IP SERVICES
• Cisco ASR 1000 Series Aggregation Services Routers RP1 ADVANCED IP SERVICES W/O CRYPTO
• Cisco ASR 1000 Series Aggregation Services Routers RP1 ADVANCED ENTERPRISE SERVICES
• Cisco ASR 1000 Series Aggregation Services Routers RP1 ADVANCED ENTERPRISE SERVICES W/O CRYPTO
The following are the RP2 consolidated packages:
• Cisco ASR 1000 Series Aggregation Services Routers RP2 IP BASE W/O CRYPTO
• Cisco ASR 1000 Series Aggregation Services Routers RP2 IP BASE
• Cisco ASR 1000 Series Aggregation Services Routers RP2 ADVANCED IP SERVICES
8System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Software Packaging
• Cisco ASR 1000 Series Aggregation Services Routers RP2 ADVANCED IP SERVICES W/O CRYPTO
• Cisco ASR 1000 Series Aggregation Services Routers RP2 ADVANCED ENTERPRISE SERVICES
• Cisco ASR 1000 Series Aggregation Services Routers RP2 ADVANCED ENTERPRISE SERVICES W/O CRYPTO
The individual software subpackages within the consolidated packages cannot be downloaded from cisco.com; only the Cisco IOS XE S consolidated packages and optional subpackages can be downloaded. Users who want to run the router using individual software subpackages must first download the consolidated package from cisco.com and extract the individual software subpackages from the consolidated package.
In addition to the individual software subpackages within a consolidated package, optional software subpackages that are not part of a consolidated package are available. Optional software subpackages can be downloaded separately from cisco.com; their installation is similar to the installation of an individual software subpackage using a provisioning file. The optional subpackage must be located in the same directory with the provisioning file and the other individual subpackage files. The optional software subpackages that are available vary based on the RP installed in the system: RP1 or RP2:
• For RP1, the optional software subpackage available is the Cisco ASR 1000 Series Aggregation Services Routers RP1 WebEx Node (asr1000rp1-sipspawmak9.version.pkg)
• For RP2, the optional software subpackage available is the Cisco ASR 1000 Series Aggregation Services Routers RP2 WebEx Node (asr1000rp2-sipspawmak9.version.pkg)
Note The Cisco ASR 1000 Series Aggregation Services Routers RP1 WebEx Node and Cisco ASR 1000 Series Aggregation Services Routers RP2 WebEx Node optional software subpackages are available only from Cisco IOS XE Release 2.4.0 onward and are supported only in conjunction with a related RP-based Cisco ASR 1000 Series Aggregation Services Routers RPx IP BASE, Cisco ASR 1000 Series Aggregation Services Routers RPx ADVANCED IP SERVICES, or Cisco ASR 1000 Series Aggregation Services Routers RPx ADVANCED ENTERPRISE SERVICES consolidated package. These optional software subpackages are not supported with earlier Cisco IOS XE releases or with any of the non-CRYPTO consolidated packages.
Note ISSU operation on the Cisco ASR 1002 Router, Cisco ASR 1002-X Router and Cisco ASR 1004 Router requires the router to be operating in subpackage mode.
Note USB (or any other removable media) cannot be used to boot the system in the subpackage mode.
For more information about the advantages and disadvantages of running individual subpackages or a complete Cisco IOS XE 3S consolidated package, and the process of extracting the individual subpackages, see Cisco ASR 1000 Series Aggregation Services Router Software Configuration Guide at the following location:
Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU
Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU
Cisco IOS XE Release 3.1S is an ISSU break release. ISSU upgrade and subpackage software upgrade from Cisco IOS XE Release 2.x to Cisco IOS XE Release 3.xS, including Release 3.1S, is not supported. ISSU downgrade from Cisco IOS XE Release 3.xS, including Release 3.1S to Release 2.x, is not supported either.
Support for ISSU upgrade and subpackage software upgrade has been resumed from Cisco IOS XE Release 3.1S onward. Therefore, rebuilds and releases after Cisco IOS XE Release 3.1S will support ISSU and software upgrade and downgrade, based on the ISSU compatibility matrix tables. For example, ISSU upgrade and downgrade between Cisco IOS XE Release 3.1.0S (15.0(1)S) to Cisco IOS XE Release 3.xS are supported.
This document describes the Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU ASR 1000 ISSU Compatibility Matrix.
For information about Cisco IOS XE 2.x releases that support ISSU and software upgrade and downgrade, based on the ISSU compatibility matrix tables in Cisco IOS XE Release 2, see the “Cisco IOS XE Release Compatibility Tables” section in Release Notes for Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Release 2.
Note Cisco IOS XE software compatibility is supported only between images that are of the same type, for example, advipservicesk9 to advipservicesk9, adventerprisek9 to adventerprisek9, and so on. Cross-image-type upgrades or installations are not supported in the ISSU process. For example, you cannot upgrade ipbase to advipservicesk9 or advipservices to advipservicesk9.
RP Memory Recommendations
The Cisco IOS XE 3S images and packages that are available vary based on the RP (either RP1 or RP2) installed in the system:
• Table 1 describes the RP1 consolidated package images, their individual software subpackage contents, and their memory recommendations.
• Table 2 describes the RP1 optional subpackage images and their memory recommendations.
• Table 3 describes the RP2 consolidated package images, their individual software subpackage contents, and their memory recommendations.
• Table 4 describes the RP2 optional subpackage images and their memory recommendations.
Each Cisco IOS XE 3S image also contains two provisioning files: asr1000rpx-packages.image.version.conf and packages.conf. A provisioning file is used for booting only in scenarios where individual modules are extracted from the Cisco IOS XE 3.1S image and then used to run the router. Any one of the provisioning files can be used.
10System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU
Table 1 RP1 Memory Recommendations for the Cisco ASR 1000 Series Aggregation Services Routers Consolidated Package Images
Platforms Image Name Software Image Individual Subpackage Contents DRAMMemory
Cisco ASR 1002 Router
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1000 Series RP1 IP BASE W/O CRYPTO
asr1000rp1-ipbase.version.bin asr1000rp1-rpbase.version.pkg 4 GB (for Cisco ASR 1002 Router)
2–4 GB (for Cisco ASR 1004 and Cisco ASR 1006 routers)
asr1000rp1-rpcontrol.version.pkg
asr1000rp1-rpaccess.version.pkg
asr1000rp1-rpios-ipbase.version.pkg
asr1000rp1-espbase.version.pkg
asr1000rp1-sipbase.version.pkg
asr1000rp1-sipspa.version.pkg
asr1000rp1-packages-ipbase.version.conf
packages.conf
Cisco ASR 1002 Router
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1000 Series RP1 IP BASE
asr1000rp1-ipbasek9.version.bin asr1000rp1-rpbase.version.pkg 4 GB (for Cisco ASR 1002 Router) 2–4 GB (for Cisco ASR 1004 and Cisco ASR 1006 routers)
asr1000rp1-rpcontrol.version.pkg
asr1000rp1-rpaccess.version.pkg
asr1000rp1-rpios-ipbasek9.version.pkg
asr1000rp1-espbase.version.pkg
asr1000rp1-sipbase.version.pkg
asr1000rp1-sipspa.version.pkg
asr1000rp1-packages-ipbasek9.version.conf
packages.conf
Cisco ASR 1002 Router
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1000 Series RP1 ADVANCED IP SERVICES W/O CRYPTO
asr1000rp1-advipservices.version. bin
asr1000rp1-rpbase.version.pkg 4 GB (for Cisco ASR 1002 Router)
2–4 GB (for Cisco ASR 1004 and Cisco ASR 1006 routers)
asr1000rp1-rpcontrol.version.pkg
asr1000rp1-rpaccess.version.pkg
asr1000rp1-rpios-advipservices.version.pkg
asr1000rp1-espbase.version.pkg
asr1000rp1-sipbase.version.pkg
asr1000rp1-sipspa.version.pkg
asr1000rp1-packages-advipservices.version.conf
packages.conf
11System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU
Cisco ASR 1002 Router
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1000 Series RP1 ADVANCED IP SERVICES
asr1000rp1-advipservicesk9.version.bin
asr1000rp1-rpbase.version.pkg 4 GB (for Cisco ASR 1002 Router)
2–4 GB (for Cisco ASR 1004 and Cisco ASR 1006 routers)
asr1000rp1-rpcontrol.version.pkg
asr1000rp1-rpaccess.version.pkg
asr1000rp1-rpios-ipbasek9.version.pkg
asr1000rp1-espbase.version.pkg
asr1000rp1-sipbase.version.pkg
asr1000rp1-sipspa.version.pkg
asr1000rp1-packages-advipservicesk9.version.conf
packages.conf
Cisco ASR 1002 Router
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1000 Series RP1 ADVANCED ENTERPRISE SERVICES W/O CRYPTO
asr1000rp1-adventservices.version.bin
asr1000rp1-rpbase.version.pkg 4 GB (for Cisco ASR 1002 Router)
2–4 GB (for Cisco ASR 1004 and Cisco ASR 1006 routers)
asr1000rp1-rpcontrol.version.pkg
asr1000rp1-rpaccess.version.pkg
asr1000rp1-rpios-adventservices.version.pkg
asr1000rp1-espbase.version.pkg
asr1000rp1-sipbase.version.pkg
asr1000rp1-sipspa.version.pkg
asr1000rp1-packages-adventservices.version.conf
packages.conf
Cisco ASR 1002 Router
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1000 Series RP1 ADVANCED ENTERPRISE SERVICES
asr1000rp1-adventservicesk9.version.bin
asr1000rp1-rpbase.version.pkg 4 GB (for Cisco ASR 1002 Router)
2–4 GB (for Cisco ASR 1004 and Cisco ASR 1006 routers)
asr1000rp1-rpcontrol.version.pkg
asr1000rp1-rpaccess.version.pkg
asr1000rp1-rpios-adventservicesk9.version.pkg
asr1000rp1-espbase.version.pkg
asr1000rp1-sipbase.version.pkg
asr1000rp1-sipspa.version.pkg
asr1000rp1-packages-adventservicesk9.version.conf
packages.conf
Table 1 RP1 Memory Recommendations for the Cisco ASR 1000 Series Aggregation Services Routers Consolidated Package Images (continued)
Platforms Image Name Software Image Individual Subpackage Contents DRAMMemory
12System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU
Note RP2 images are available from Cisco IOS XE Release 2.3.0.
Table 2 RP1 Memory Recommendations for the Cisco ASR 1000 Series Routers Optional Subpackage Image
Platforms Image Name Software ImageFlash Memory
Cisco ASR 1002 Router
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1000 Series Aggregation Services Routers RP1 WebEx Node1
1. The Cisco ASR 1000 Series Aggregation Services Routers RP1 WebEx Node (asr1000rp1-sipspawmak9.version.pkg) optional software subpackage is available only from Cisco IOS XE Release 2.4.0 and is supported only in conjunction with the Cisco ASR 1000 Series Aggregation Services Routers RP1 IP BASE, Cisco ASR 1000 Series Aggregation Services Routers RP1 ADVANCED IP SERVICES, or Cisco ASR 1000 Series Aggregation Services Routers RP1 ADVANCED ENTERPRISE SERVICES consolidated package. This subpackage is not supported in Cisco IOS XE releases prior to Release 2.4.0 or with any of the non-CRYPTO consolidated packages.
asr1000rp1-sipspawmak9.version.XND.pkg 100 MB
Table 3 RP2 Memory Recommendations for the Cisco ASR 1000 Series Aggregation Services Routers Consolidated Package Images
Platforms Image Name Software Image Individual Subpackage Contents DRAMMemory
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1013 Router
Cisco ASR 1000 Series RP2 IP BASE W/O CRYPTO
asr1000rp2-ipbase.version.bin asr1000rp2-rpbase.version.pkg 8–16 GB (for Cisco ASR 1004 Router, Cisco ASR 1006 Router, and Cisco ASR 1013 Router)
asr1000rp2-rpcontrol.version.pkg
asr1000rp2-rpaccess.version.pkg
asr1000rp2-rpios-ipbase.version.pkg
asr1000rp2-espbase.version.pkg
asr1000rp2-sipbase.version.pkg
asr1000rp2-sipspa.version.pkg
asr1000rp2-packages-ipbase.version.conf
packages.conf
13System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1013 Router
Cisco ASR 1000 Series RP2 IP BASE
asr1000rp2-ipbasek9.version.bin asr1000rp2-rpbase.version.pkg 8–16 GB (for Cisco ASR 1004 Router, Cisco ASR 1006 Router, and Cisco ASR 1013 Router)
asr1000rp2-rpcontrol.version.pkg
asr1000rp2-rpaccess.version.pkg
asr1000rp2-rpios-ipbasek9.version. pkg
asr1000rp2-espbase.version.pkg
asr1000rp2-sipbase.version.pkg
asr1000rp2-sipspa.version.pkg
asr1000rp2-packages-ipbasek9.version.conf
packages.conf
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1013 Router
Cisco ASR 1000 Series RP2 ADVANCED IP SERVICES W/O CRYPTO
asr1000rp2-advipservices.version.bin
asr1000rp2-rpbase.version.pkg 8–16 GB (for Cisco ASR 1004 Router, Cisco ASR 1006 Router, and Cisco ASR 1013 Router)
asr1000rp2-rpcontrol.version.pkg
asr1000rp2-rpaccess.version.pkg
asr1000rp2-rpios-advipservices.version.pkg
asr1000rp2-espbase.version.pkg
asr1000rp2-sipbase.version.pkg
asr1000rp2-sipspa.version.pkg
asr1000rp2-packages-advipservices.version.conf
packages.conf
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1013 Router
Cisco ASR 1000 Series RP2 ADVANCED IP SERVICES
asr1000rp2-advipservicesk9.version.bin
asr1000rp2-rpbase.version.pkg 8–16 GB (for Cisco ASR 1004 Router, Cisco ASR 1006 Router, and Cisco ASR 1013 Router)
asr1000rp2-rpcontrol.version.pkg
asr1000rp2-rpaccess.version.pkg
asr1000rp2-rpios-advipservicesk9.version.pkg
asr1000rp2-espbase.version.pkg
asr1000rp2-sipbase.version.pkg
asr1000rp2-sipspa.version.pkg
asr1000rp2-packages-advipservicesk9.version.conf
packages.conf
Table 3 RP2 Memory Recommendations for the Cisco ASR 1000 Series Aggregation Services Routers Consolidated Package Images (continued)
Platforms Image Name Software Image Individual Subpackage Contents DRAMMemory
14System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Cisco ASR 1000 Series Aggregation Services Routers Software Package Compatibility for ISSU
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1013 Router
Cisco ASR 1000 Series RP2 ADVANCED ENTERPRISE SERVICES W/O CRYPTO
asr1000rp2-adventservices.version.bin
asr1000rp2-rpbase.version.pkg 8–16 GB (for Cisco ASR 1004 Router, Cisco ASR 1006 Router, and Cisco ASR 1013 Router)
asr1000rp2-rpcontrol.version.pkg
asr1000rp2-rpaccess.version.pkg
asr1000rp2-rpios-adventservices.version.pkg
asr1000rp2-espbase.version.pkg
asr1000rp2-sipbase.version.pkg
asr1000rp2-sipspa.version.pkg
asr1000rp2-packages-adventservices.version.conf
packages.conf
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1013 Router
Cisco ASR 1000 Series RP2 ADVANCED ENTERPRISE SERVICES
asr1000rp2-adventservicesk9.version.bin
asr1000rp2-rpbase.version.pkg 8–16 GB (for Cisco ASR 1004 Router, Cisco ASR 1006 Router, and Cisco ASR 1013 Router)
asr1000rp2-rpcontrol.version.pkg
asr1000rp2-rpaccess.version.pkg
asr1000rp2-rpios-adventservicesk9.version.pkg
asr1000rp2-espbase.version.pkg
asr1000rp2-sipbase.version.pkg
asr1000rp2-sipspa.version.pkg
asr1000rp2-packages-adventservicesk9.version.conf
packages.conf
Table 4 RP2 Memory Recommendations for the Cisco ASR 1000 Series Routers Optional Subpackage Image
Platforms Image Name Software ImageFlash Memory
Cisco ASR 1004 Router
Cisco ASR 1006 Router
Cisco ASR 1013 Router
Cisco ASR 1000 Series Aggregation Services Routers RP2 WebEx Node1
1. The Cisco ASR 1000 Series Aggregation Services Routers RP2 WebEx Node (asr1000rp1-sipspawmak9.version.pkg) optional software subpackage is available only from Cisco IOS XE Release 2.4.0 and is supported only in conjunction with the Cisco ASR 1000 Series Aggregation Services Routers RP2 IP BASE, Cisco ASR 1000 Series Aggregation Services Routers RP2 ADVANCED IP SERVICES, or Cisco ASR 1000 Series Aggregation Services Routers RP2 ADVANCED ENTERPRISE SERVICES consolidated package. This subpackage is not supported in Cisco IOS XE releases prior to Release 2.4.0 or in any of the non-CRYPTO consolidated packages.
asr1000rp2-sipspawmak9.version.XND.pkg 100 MB
Table 3 RP2 Memory Recommendations for the Cisco ASR 1000 Series Aggregation Services Routers Consolidated Package Images (continued)
Platforms Image Name Software Image Individual Subpackage Contents DRAMMemory
15System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Hardware Supported
Hardware SupportedCisco IOS XE 3S releases support the following Cisco ASR 1000 Series Routers:
• Cisco ASR 1001 Router
• Cisco ASR 1001-X Router
• Cisco ASR 1002 Router
• Cisco ASR 1002-F Router
• Cisco ASR 1002-X Router
• Cisco ASR 1004 Router
• Cisco ASR 1006 Router
• Cisco ASR 1009-X Router
• Cisco ASR 1013 Router
ROMmon Release RequirementsTable 5 provides information about the field-replaceable units (FRUs) of the Cisco ASR 1000 Series Aggregation Services Routers supported by each ROMmon release.
16System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
ROMmon Release Requirements
Table 6 lists the minimum ROMmon release supported for RP and ESP FRUs, for each Cisco IOS XE release. Table 7 lists the minimum ROMmon release supported for other FRUs, for each Cisco IOS XE release.
Table 7 Minimum ROMmon Release Supported for Other FRUs
Cisco IOS XE Release FRU
— ASR 1001ASR 1001-X
ASR 1002-X
ASR1000-2T+20x1GE
ASR1000-6TGE
ASR1000-MIP100
ASR1000-SIP10
ASR1000-SIP40
2.0.x — — — — — — XNC —
2.1.x — — — — — — XNC —
2.2.0 — — — — — — XNC —
2.2.1 — — — — — — XNC —
2.2.2 — — — — — — XNC —
2.3.0 — — — — — — XNC —
2.3.1 — — — — — — XNC —
2.3.2 — — — — — — XNC —
2.4.x — — — — — — XNC —
2.5.x — — — — — — XNC —
2.6.x — — — — — — XNC —
3.1.x — — — — — — XNC —
3.2.x 15.0(1r)S — — — — — XNC 15.0(1r)S
Table 6 Minimum ROMmon Release Supported for RP and ESP FRUs (continued)
Cisco IOS XE Release FRU
—ASR 1000 RP1
ASR 1002 RP1
ASR 1000 RP2
ASR 1000-ESP5
ASR 1000-ESP10
ASR1000-ESP20
ASR1000-ESP40
ASR1000-ESP100
ASR1000-ESP200
18System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
ROMmon Release Requirements
Table 8 lists the recommended ROMmon release for RP and ESP FRUs, for each Cisco IOS XE release. Table 9 lists the recommended ROMmon release for other FRUs, for each Cisco IOS XE release
1. For Cisco IOS XE Release 2.3.0d and Release 2.3.0e, ROMmon Release 15.2(1r)S is the recommended release.
Table 9 Recommended ROMmon Release for Other FRUs
Cisco IOS XE Release FRU
— ASR1001ASR 1001-X
ASR1002-X
ASR1000-2T+20x1GE
ASR1000-6TGE
ASR1000-MIP100
ASR1000-SIP10
ASR1000-SIP40
2.0.x — — — — — — 16.3(2r) —
2.1.x — — — — — — 16.3(2r) —
2.2.0 — — — — — — 16.3(2r) —
2.2.1 — — — — — — 16.3(2r) —
2.2.2 — — — — — — 16.3(2r) —
Table 8 Recommended ROMmon Release for RP and ESP FRUs (continued)
Cisco IOS XE Release FRU
—ASR1000 RP1
ASR 1002 RP1
ASR1000 RP2
ASR 1000-ESP5
ASR 1000-ESP10
ASR1000-ESP20
ASR1000-ESP40
ASR1000-ESP100
ASR1000-ESP200
20System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Determining the Release Number of the Installed Software
Determining the Release Number of the Installed SoftwareThis section provides information about determining the release number of the installed software.
Determining the Version of the Consolidated Package
To determine the version of the Cisco IOS XE Software (consolidated package) running on your router, log in to the router and enter the show version EXEC command.
The following is sample output of the show version command. The actual output displayed when you run the command will vary depending on the version of the product that you are using.
Table 9 Recommended ROMmon Release for Other FRUs (continued)
Cisco IOS XE Release FRU
— ASR1001ASR 1001-X
ASR1002-X
ASR1000-2T+20x1GE
ASR1000-6TGE
ASR1000-MIP100
ASR1000-SIP10
ASR1000-SIP40
21System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Determining the Release Number of the Installed Software
Router# show version
Cisco IOS Software, IOS-XE Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.2(1)S, RELEASE SOFTWARE (fc1)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2011 by Cisco Systems, Inc.Compiled Sun 27-Nov-11 21:19 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2011 by cisco Systems, Inc.All rights reserved. Certain components of Cisco IOS-XE software arelicensed under the GNU General Public License ("GPL") Version 2.0. Thesoftware code licensed under GPL Version 2.0 is free software that comeswith ABSOLUTELY NO WARRANTY. You can redistribute and/or modify suchGPL code under the terms of GPL Version 2.0. For more details, see thedocumentation or "License Notice" file accompanying the IOS-XE software,or the applicable URL provided on the flyer accompanying the IOS-XEsoftware.
ROM: IOS-XE ROMMON
Router uptime is 1 minuteUptime for this control processor is 3 minutesSystem returned to ROM by reloadSystem restarted at 22:07:05 UTC Sun Nov 27 2011System image file is "tftp:/auto/tftp-smoke2/mcpdt-rp2-14/vmlinux"Last reload reason: PowerOn
This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email [email protected].
cisco ASR1006 (RP2) processor with 4252282K/6147K bytes of memory.5 Gigabit Ethernet interfaces2 Channelized T3 ports32768K bytes of non-volatile configuration memory.8388608K bytes of physical memory.1925119K bytes of eUSB flash at bootflash:.78085207K bytes of SATA hard disk at harddisk:.
Configuration register is 0x2102
Determining the Version of the Individual Subpackages
To determine the version of the individual subpackages running on your router, log in to the router and enter the show version installed command in the User EXEC, Privileged EXEC, or Diagnostic mode.
The following is sample output of the show version installed command. The actual output displayed when you run the command will vary depending on the version of the product that you are using.
22System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Determining the Release Number of the Installed Software
Router# show version installed
Package: Provisioning File, version: n/a, status: active File: consolidated:packages.conf, on: RP0 Built: n/a, by: n/a File SHA1 checksum: 96de495067ade7bb7e17f833fb3e4136addff0a7
23System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Determining the Release Number of the Installed Software
Package: rpbase, version: 03.05.00.S.152-1.S, status: active File: consolidated:asr1000rp2-rpbase.03.05.00.S.152-1.S.pkg, on: RP0 Built: 2011-11-27_15.35, by: mcpre File SHA1 checksum: aadf1bfa5ff97720c3eeaed32e4d9941e54b0ea8
Package: rpcontrol, version: 03.05.00.S.152-1.S, status: active File: consolidated:asr1000rp2-rpcontrol.03.05.00.S.152-1.S.pkg, on: RP0/0 Built: 2011-11-27_15.35, by: mcpre File SHA1 checksum: 57f1f2c5536098d761d228d3a4d5031bf1f885fb
Package: rpios-adventerprisek9, version: 03.05.00.S.152-1.S, status: active File: consolidated:asr1000rp2-rpios-adventerprisek9.03.05.00.S.152-1.S.pkg, on: RP0/0 Built: 2011-11-27_15.41, by: mcpre File SHA1 checksum: 632836be203f1f5a94d7cbb4eb042890649d5b0d
Package: rpaccess, version: 03.05.00.S.152-1.S, status: active File: consolidated:asr1000rp2-rpaccess.03.05.00.S.152-1.S.pkg, on: RP0/0 Built: 2011-11-27_15.35, by: mcpre File SHA1 checksum: adc4045026a793a1523431f10860b6bf1fa1fb2c
27System Requirements for Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Upgrading to a New Software Release
Upgrading to a New Software ReleaseOnly Cisco IOS XE 3S consolidated packages can be downloaded from cisco.com; users who want to run a router using individual subpackages must first download the image from cisco.com and extract the individual subpackages from the consolidated package.
For information about upgrading to a new software release, see Cisco ASR 1000 Series Aggregation Services Router Software Configuration Guide at the following location:
Limitations and Restrictions in Release 3.13.0CUBE-ENT Limitations
Dial-peer simplification with Dial-peer Group is not supported with "REFER Consume".
Limitations and Restrictions in Release 3.12.0There are no new limitations or restrictions in Release 3.12.0.
Limitations and Restrictions in Release 3.11.0There are no new limitations or restrictions in Release 3.11.0.
Limitations and Restrictions in Release 3.10.0There are no new limitations or restrictions in Release 3.10.0.
Limitations and Restrictions in Release 3.9.0There are no new limitations or restrictions in Release 3.9.0.
Limitations and Restrictions in Release 3.8.0There are no new limitations or restrictions in Release 3.8.0.
Limitations and Restrictions in Release 3.7.0General Limitations
RF billing and Lawful Interception do not work together.
DMVPN Limitations
Cisco ASR 1000 devices does not support the ip nhrp server-only command used to configure an interface to operate in Next Hop Resolution Protocol (NHRP) server-only mode.
In a phase 2 deployment, NHRP server-only mode configured on one spoke stops all traffic from the configured spoke to other spokes.
In a phase 3 deployment, NHRP server-only mode configured on one spoke stops the shortcut tunnel from the configured spoke to other spokes and consequently all traffic from the configured spoke to other spokes have to be forwarded by Hub.
We recommend that you do not use the ip nhrp server-only command on Cisco ASR 1000 devices.
30Limitations and Restrictions in Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Limitations and Restrictions in Release 3.6.0
MPLS over IPv6 GRE Tunnel is not supported
The mpls ip command can be configured on the IPv6 GRE Tunnel, but it does not take effect.
Limitations and Restrictions in Release 3.6.0Mediatrace sessions are not established with crypto on WAN link
Mediatrace does not work on ASR 1006 Routers when crypto map is applied directly on the egress interface. This is because mediatrace uses RSVP, which in turn relies on IP Headers that cannot be encrypted in ASR 1006 Routers.
We recommend that you use GRE tunnel interface to apply the crypto map.
31Limitations and Restrictions in Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
Limitations and Restrictions in Release 3.6.0
32Limitations and Restrictions in Cisco ASR 1000 Series Aggregation Services Routers
OL-26698-25
New Features and Important Notes
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 35
• Important Notes, page 39
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.17S:
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.0S, page 35
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.0S, page 36
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.0S
No new hardware features were introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.0S.
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.0S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.0S
Additional features for multiple-m-line support on CUBE
For detailed information, see the following Cisco document:
One P/DPSS performance enhancement and new packet actions: dscp-marking, set-nexthop and forward
OneP/DPSS performance enhancement and new packet actions: dscp-marking, set-nexthop and forward feature enhances the performance of Data Path Service Set (DPSS) by initiating packet action during packet classification. The following are the packet actions included in the feature:
• Forward—The packet is forwarded as normal.
• Set DSCP—The packet's Differentiated Services Code Point (DSCP) value is changed.
• Set next hop—The packets are forwarded to next hop. VPN routing and forwarding (VRF) addresses are not supported.
PMIPv6 LMA SSO
The Proxy Mobile IPv6 (PMIPv6) protocol provides network-based IP mobility management support for mobile node. There are two network entities present in PMiPv6 domain—Local Mobility Anchor (LMA) and Mobile Access Gateway (MAG). The PMIPv6 LMA SSO feature provides high availability support in PMIPv6 via the High Availability and ISSU features on Cisco IOS XE software.
QoS: Per-Flow Admission
For detailed information, see the following Cisco document:
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
39New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 41
• Important Notes, page 48
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.16S:
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S, page 42
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS, page 42
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S, page 42
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S, page 42
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS, page 43
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.0S, page 43
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S
The Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S introduces the 2-Port 40 Gigabit Ethernet EPA with CPAK and Breakout Cable (EPA-CPAK-2x40GE).
2-Port 40 Gigabit Ethernet EPA with CPAK and Breakout Cable (EPA-CPAK-2x40GE)
For detailed information, see the following Cisco document:
Note This hardware is supported only on Cisco IOS XE Release 3.16.2S and later releases.This hardware is not supported on Cisco IOS XE Release 3.17S.
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS
The Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS introduces the Cisco ASR 1009-X Router and Cisco ASR 1006-X Router.
Cisco ASR 1009-X Router and Cisco ASR 1006-X Router
The Cisco ASR1006-X Router and Cisco ASR1009-X Router create a future-proof modular routing platform to support next generation Forwarding and Route Processor modules with hardware redundancy. The Cisco ASR1006-X Router and Cisco ASR1009-X Router provide up to 200 Gbps slot bandwidth to enable new high density Ethernet linecards utilizing the ASR1000-MIP100 and Ethernet Port Adapters (EPAs), and integrating N+1 power-on-demand design to the ASR1000 portfolio.
For detailed information, see the following Cisco document:
Cisco ASR 1009-X Router and Cisco ASR 1006-X Router
Cisco ASR 1006-X Router and Cisco ASR 1009-X Router are the new modular routing platforms that support ESP and RP modules with hardware redundancy, provide up to 200 Gbps slot bandwidth to enable high density Ethernet line cards, and integrate N+1 power-on-demand design for ASR 1000 Series Routers.
Custom App based on any NBAR2 extracted field
The Custom App Based on any NBAR2 Extracted Field feature provides additional custom protocol capabilities to NBAR2, which are provided through Protocol Packs in accordance with Cisco's Protocol Packs release policy.
DMVPN Akamai NAT Ph2
The DMVPN Akamai NAT Ph2 feature leverages the tunnel inside another tunnel feature to enable the usage of point-to-point GRE tunnel interface between a hub or spoke to an Akamai gateway as source interface for DMVPN tunnel between hub and spoke.
Domain Name System Security Extensions
For detailed information, see the following Cisco document:
The ping and traceroute command can determine if IWAN is enabled on a LAN interface thereby deciding if a packet must be to be injected in the ingress path or follow the regular path. The ping and traceroute commands are updated so that packets follow the same path when received on a LAN interface.
L3 custom any IP/Port
For detailed information, see the following Cisco document:
Cisco IOS SSL uses OpenSSL to perform SSL handshakes. To be on par with the standards in the industry and also to cater to your requirements for TLS 1.2 Cisco IOS SSL supports TLS 1.2 through the SSL - TLS 1.2 Support feature.
Support for pass-through of unsupported content types in SIP INFO messages
For detailed information, see the following Cisco document:
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
address ipv4 Command Changes
Effective with Cisco IOS XE Release 3.16.1aS, the auth port 0 keyword argument pair is not supported in the address ipv4 command. This command is configured in the RADIUS server configuration mode (config-radius-server), when authentication requests and accounting requests are sent to different servers.
Class of Restrictions (COR) Configuration
Class of Restrictions (COR) is a Cisco voice gateway feature that enables Class of Service (COS) or calling privileges to be assigned. It is most commonly used with Cisco Survivable Remote Site Telephony (SRST) and Cisco CallManager Express but can be applied to any dial peer. COR will work on Cisco ASR 1000 Series Aggregation Services Routers for Cisco IOS XE Release 3.17.3S and later releases only.
49New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
50New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
OL-26698-25
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 51
• Important Notes, page 58
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.15S:
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S, page 52
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.0S, page 52
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S
No new hardware features were introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.0S.
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.0S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15.0S.
1000M GLC-TE (catskills) support
For detailed information, see the following Cisco document:
The Border Gateway Protocol (BGP) flow specification client feature enables a device to perform the role of a BGP flow specification client and receive flow specification rules from a BGP flow specification controller.
Call Progress Analysis (CPA) over IP-IP Media Session
For detailed information, see the following Cisco document:
Zone-Based Firewall Handling of Zone Mismatch Traffic
For detailed information, see the following Cisco document: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_zbf/configuration/xe-3s/asr1000/sec-data-zbf-xe-asr1k-book/zbf-zone-mismatch.html
The Zone-Based Firewall Serviceability Enhancements Phase 4 feature provides the following functionalities:
• Enhances the zone-based firewall client debugs
• Enhances the firewall client statistics related to zone, zone pair, VRF, per-filter and PAM
• Provides policy transaction debugs.
• The following command was introduced: debug platform condition feature fw controlplane submode. For more information on this command, see Cisco IOS Debug Command Reference - Commands M through R.
• The following commands were removed: set platform software trace forwarding-manager FP active fw, set platform software trace forwarding-manager RP active fw, set platform software trace forwarding-manager F0 fw, set platform software trace forwarding-manager R0 fw. For more information on these commands, see Cisco IOS Security Command Reference: Commands M to R.
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
60New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S
OL-26698-25
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 61
• Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S, page 69
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.14.0S:
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S, page 62
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S, page 62
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S
No new hardware features were introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S.
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S:
8K GM Scale Improvement
For detailed information, see the following Cisco document:
AnyConnect Dual Stack Support on IOS FlexVPN Gateway - Announcing IPv6 Capability over GRE
For detailed information, see the following Cisco document: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/xe-3s/sec-flex-vpn-xe-3s-book/sec-cfg-flex-serv.html
Auto-Configuration of Remote Shapers
For detailed information, see the following Cisco document:
The DSP SNMP MIB feature provides additional DSPFARM profile objects to the CISCO-DSP-MGMT-MIB, which enables the profile objects to monitor and extract specific DSPFARM profile usage and have better control of resources. To locate and download MIBs for selected platforms,
Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
63New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
For detailed information, see the following Cisco document: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configura-tion/xe-3s/iro-xe-3s-book/ip6-route-ospfv3-xe.html
ISIS IPv6 Multi-process Support
For detailed information, see the following Cisco document:
For detailed information, see the following Cisco document:
Effective with Cisco IOS XE Release 3.14S, SSL VPN extends support for Hardware Service Module (HSM) through the SSL Support for HSM/ACT2 feature. This feature enables SSL VPN to establish SSL session with a peer when the cryptographic module is an HSM. HSM is a physical computing device that safeguards and manages digital keys for strong authentication and provides crypto process-ing. An example of HSM is e-token. These devices are either plug-in cards or external devices attached to computers or network devices. The HSM performs the following functions:
• Generates the cryptographic key
• Stores and manages the cryptographic key
• Proper use of cryptographic key and sensitive data
66New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
The ZBFW Serviceability Enhancement feature enhances output of existing show commands and intro-duces new show and debug commands to display all the Zone-Based Firewall configuration informa-
67New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
tion. The following commands were introduced or modified: debug platform condition feature fw controlplane level, show platform hardware qfp feature firewall, show policy-firewall config, show platform software firewall.For detailed information, see the following Cisco document:http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book.html
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.14S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S
There are no important notes specific to Cisco ASR 1000 Series Aggregation Services Routers Release 3.14.0S.
69New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
OL-26698-25
Important Notes
70New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
OL-26698-25
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 71
• Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S, page 79
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.13S:
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S, page 72
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S, page 72
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.0S, page 73
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.0S, page 73
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S
No new hardware features were introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S.
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S:
Dual DHCP lease query servers
For detailed information, see the following Cisco document:
When the ISM-VPN module is disabled because of a crash, the router’s encryption and decryption performance degrade due to the usage of an on board crypto-engine. The ISM Restartability feature allows you to reboot the module so that the ISM-VPN module can register again as a new crypto engine and download the relevant policies required to handle the crypto load of the router.
The ISM Module can be rebooted 3 times in an hour. However, if there are more than three crashes in less than an hour, the ISM-VPN module is not rebooted. You must reset the timers and enable the ISM-VPN module using the crypto engine slot and crypto engine accelerator command.
IPv6 Routing: IS-IS Support for IPv6
For detailed information, see the following Cisco document:
SNMP MIB for dial peer connection status based on SIP OPTIONS KEEP ALIVE
The CISCO-VOICE-DIAL-CONTROL MIB is used to track the list of dial-peers configured in CUBE. This MIB is used to track the dial peer connection status based on SIP OPTIONS keepalive. The OID for the dial-peer table is “cvPeerCfgTable” "1.3.6.1.4.1.9.9.63.1.2.1"
For detailed information, see the following Cisco document:
The output of the show policy-map type inspect zone-pair has been modified to display filter statistics.
Zone-Based Firewall Support of Multipath TCP
Multipoint TCP seamlessly works with zone-based firewall Layer 4 inspection. Multipoint TCP does not work with application layer gateways (ALGs) and application inspection and control (AIC).
For detailed information, see the following Cisco document:
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.9S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
80New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 81
• Important Notes, page 91
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.12S:
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS, page 82
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.0S, page 83
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.0S, page 83
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS
The Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS introduces the Cisco ASR 1001-X Router.
Cisco ASR 1001-X Router
The Cisco ASR 1001-X router is a compact 1RU form factor that consumes less rack space and power while offering 20 Gbps forwarding throughput. The Cisco ASR 1001-X Router supports one half-height Shared Port Adapter (SPA) slot, one Network Interface Module (NIM) slot, six Gigabit Ethernet (GE) small form-factor pluggable (SFP) slots, and two 10 GE SFP+ slots.
For detailed information, see the following Cisco document:
For detailed information, see the following Cisco document:
https://developer.cisco.com/web/onepk
Open Plug-N-Play Agent
The Open Plug-N-Play Agent is a software module running on an IOS device. This feature enables the acquisition and loading of pertinent image, configuration, and other required files to the device along with notifications for various events.
In the absence of a startup configuration file, the Open Plug-n-Play agent attempts to discover the address of the Open Plug-n-Play server. For this the Open Plug-n-Play agent uses DHCP, Domain Name System (DNS) server and other methods to acquire the desired IP address of the PnP server.
Packet Classification Using Frame-Relay DLCI Number
For detailed information, see the following Cisco document:
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.9S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 93
• Important Notes, page 105
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.11S:
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S, page 94
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S, page 94
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S
No new hardware was introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S.
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.0S.
1 port OC-48 POS/RPR SPA with SFP Optics
For detailed information, see the following Cisco document:
The BGP Graceful Shutdown (GSHUT) Enhancement feature enables graceful shutdown of either all neighbors or only virtual routing and forwarding (VRF) neighbors across BGP sessions. The following command has been introduced in this feature: bgp graceful-shutdown all.
BGP Monitoring Protocol
The BGP Monitoring Protocol (BMP) feature enables configuration and monitoring of BMP servers, establishing connection with the BMP clients, and monitoring and reporting of all configured BGP neighbors.
The following commands were added or modified for this feature:
• The "bmp-activate" keyword was added to the "neighbor" command.
• The "bmp" command was added.
94New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
CUBE HA Enhancements:Stateful Switch Over (SSO) for SIP Signaling over TCP/TLS connection, HA Protected State to simplify Active reboot, including SYSLOG msg,HA Box to Box Redundancy for ASR1006
This feature enhances existing CUBE High Availability and introduces the following
• Redundancy Group Protected mode
• Box to Box (B2B) redundancy support for customers that require large DSP resource capacity.
For detailed information, see the following Cisco document:
The IPv6 IPSec QoS feature applies the Quality of Service (QoS) policies to IPV6 IPsec. This feature supports the following functionalities:
• Crypto LLQ QoS: Traffic that is classified as priority, for example PAK priority, is en-queued to the priority queue before the crypto processor. The Low Latency Queuing (LLQ) for IPSec encryption engines helps reduce packet latency for priority traffic.
• IPSec QoS pre-classify: QoS pre-classify is configured under a crypto map to enable IPSec to save the original Layer 3 and Layer 4 header before the encryption so that Quality of Service (QoS) can do the classification using the saved header.
• QoS group-based LLQ: The QoS group-based LLQ feature allows IPSec to check the LLQ QoS group setting to determine whether a packet is a high priority packet before it is en-queued to Low Latency Queue (LLQ).
The following commands were modified: crypto map and qos pre-classify to reflect IPv6 capabilities
ISDN Phase 2 (for LAC) on E1
For detailed information, see the following Cisco document:
The Multi-Topology BGP with VRF enhancement feature enables multi- topology BGP routing in VRF. There are no new BGP commands introduced or modified for this feature. If multi-topology BGP is configured, the "address-family (ipv4 | ipv6) multicast" command under a specific "vrf definition" is used for configuration; else all multicast VRF activity is configured using the "address-family (ipv4 | ipv6)" command under "vrf definition".
100New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
The custom values enable you to name the attributes based on grouping of protocols. You can create custom values for the application-group, category, and sub-category attributes. Use the ip nbar attribute application-group custom application-group-name, ip nbar attribute category custom category-name, and ip nbar attribute sub-category custom sub-category-name to add custom values for the attributes application-group, category, and sub-category, respectively.
For detailed information, see the following Cisco document:
The NBAR taxonomy file contains the information such as common name, description, underlying protocol, for every protocol that is available in the protocol pack. Use the show ip nbar protocol-pack active taxonomy, show ip nbar protocol-pack inactive taxonomy, and show ip nbar protocol-pack loaded taxonomy commands to view the taxonomy for an active, inactive, and all loaded protocol packs, respectively.
For detailed information, see the following Cisco document:
Observation Point ID - distinguish metrics from different interfaces
The Observation Point ID metric identifies a monitored interface for traffic in both directions (ingress and egress). A single flow definition using this metric can be used in place of match interface input and match interface output, making configuration more compact and enabling a single record collected on an interface to include metrics for traffic in both directions.
101New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
The IPv6 IPSec QoS feature applies the Quality of Service (QoS)policies to IPV6 IPsec. This feature supports the following functionalities:
• Crypto LLQ QoS: Traffic that is classified as priority, for example PAK priority, is en-queued to the priority queue before the crypto processor. The Low Latency Queuing (LLQ) for IPSec encryption engines helps reduce packet latency for priority traffic.
• IPSec QoS pre-classify: QoS pre-classify is configured under a crypto map to enable IPSec to save the original Layer 3 and Layer 4 header before the encryption so that Quality of Service (QoS) can do the classification using the saved header.
• QoS group-based LLQ: The QoS group-based LLQ feature allows IPSec to check the LLQ QoS group setting to determine whether a packet is a high priority packet before it is en-queued to Low Latency Queue (LLQ).
The following commands were modified: crypto map and qos pre-classify to reflect IPv6 capabilities
Retain DSCP setting of RTP packet
This feature introduces the preserving and forwarding of Differentiated services code point (DSCP) markings received from endpoints by Cisco Unified Communications Manager (CUCM) when the programmed value from CUCM is NULL. Media Termination Point (MTP) does not store the DSCP for a session, but picks the value from an incoming packet and inserts it into an outgoing packet. Thus DSCP value from an endpoint can change in the middle of a session.
103New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
SIP Signaling Enhancements: URI based dialing, Pass-through of Unsupported and non-Mandatory Headers, CUBE Graceful Shutdown mode, Configurable SIP Error codes, SHA1_80 support in SRTP
For detailed information, see the following Cisco document:
The VRF aware BGP translate-update feature enables customer devices, that contain an old version of Cisco software that does not support multicast BGP routing, to advertise its routes to multicast VRF- Lite, multicast VPN for VPNv4 and VPNv6 neighbors, as well as through IPv6 over IPv4 tunnel. The "neighbor" command is modified to include the "translate-update" keyword that enables this feature and applies only to the VRF address families.
Weighted Fair Queueing, High Priority Policer and Configurable threshold for Pause Framesfeature for 40G Native Ethernet Line card on ASR1000
For detailed information, see the following Cisco document:
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
105New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.9S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 107
• Important Notes, page 123
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.10S:
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S, page 108
• New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S, page 108
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S, page 108
Note MLPPP Broadband functionality is not supported in release 3.10.1. It is recommended to use the feature with release 3.10.0.
Cisco Systems, Inc.www.cisco.com
New and Changed Information
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.2S
WCCP with generic GRE Support
WCCP is extended to support generic GRE return method on Cisco IOS devices. Since GRE negotiated return is not supported on Cisco WAAS AppNav I/O module, customers need to use generic GRE tunnels (multipoint GRE) on the devices. That is, a mGRE tunnel needs to be configured manually on the device if the Cisco WAAS AppNav is configured with GRE return method.
Note Generic GRE tunnel does not work with loopback source address. Since the highest numbered loopback is reserved for WCCP, customers need to use the second highest loopback address.
Dropping TCP Packets During Router Reboot Process in AppNav Controller Group Scenario
For AppNav Controller Group (ACG) scenarios, a new CLI (service-insertion acg-reload-delay) provides a time delay before enabling WAN traffic for a router that has just rebooted. During the delay, the router drops all TCP packets passing through the WAN interface. This enables the router to synchronize flows before traffic is enabled, preventing unintended resetting of connections.
For detailed information, see the following Cisco document:
New Hardware in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S
The following are the new hardware introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S.
Cisco ASR 1000 Series Fixed Ethernet Line Card
The Cisco ASR 1000 Series Fixed Ethernet Line Card (ASR1000-2T+20X1GE) is a fixed-port Ethernet line card for the Cisco ASR 1000 Series Aggregation Services Routers. The line card is capable of 40-Gbps full-duplex traffic forwarding using a fixed-port interface design. This line card has 20 1GigE ports and two 10GigE ports.The small form-factor pluggables (SFP and XFP modules) allow the line card to be configured for different media types (copper or fiber) and different optical requirements (single-mode fiber or multimode fiber), as available.
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.10.0S.
108New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
Configurable RTP port range per IP Address for RTP session connectivity
For ASR boxes, the RTP port range has been increased to a range of 8000 to 48200 to scale high call volumes. This port range allows up 10000 calls on a single interface.
110New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
• Conditional Debugging: Prior to the introduction of this feature, when firewall debug is enabled, debug messages are logged for all traffic passing through the firewall. To enable conditional debugging of a single flow of traffic, the following debug command was added: debug platform condition
• The following commands are also introduced in Cisco IOS XE Release 3.10S:
– show policy-firewall config platform
– show policy-firewall sessions platform
– show policy-firewall stats platform
DHCP-SIP and Walkby Integration
For detailed information, see the following Cisco document:
The FlexVPN Mixed Mode feature provides support for carrying IPv4 traffic over IPsec IPv6 transport. This is the first phase towards providing dual stack support on the IPsec stack. This implementation does not support using a single IPsec security association (SA) pair for both IPv4 and IPv6 traffic.
This feature is only supported for Remote Access VPN with IKEv2 and Dynamic VTI.
112New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
GETVPN support with SuiteB is supported only on ESP100, ESP200, ASR1002-x platform. When show crypto godi ks member command is executed, it will show 1.0.7 on non-suiteB supported platform and 1.0.8 in suiteB supported platform.
For detailed information, see the following Cisco document:
The IOS BGP - BGP C-Route Full SM Support feature introduces a new CLI command, mvpn single-forwarder-selection highest-ip-address, which configures the BGP MVPN UMH chosen via the highest ip address.
For detailed information, see the following Cisco documents:
113New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
The NHRP SNMP Restructuring feature provides hardening support to NHRP MIBs. The snmp mib nhrp command is disabled by default. To enable you must explicitly configure it using the snmp mib nhrp command.
The snmp mib nhrp status command displays information about the following:
• The state of the tree.
• The enable or disable status of the NHRP MIB.
• The number of allocation tree nodes.
The debug snmp mib nhrp command enables debugging for NHRP MIBs.
For more information, see the following documents:
117New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
The PKI New Cert Attributes feature provides the following enhancements to Public Key Infrastructure (PKI):
• NVRAM Exhaustion
• Fresh Enrollment
NVRAM Exhaustion
Certificates and certificate revocation lists (CRLs) are used by devices when a certificate authority (CA) is used. Certificates and CRLs can be stored in NVRAM or an external database. If an external database is used to store certificates, there is no need to delete the expired certificates. Each certificate and CRL uses a moderate amount of memory. The following are stored in NVRAM:
• CA certificates and CRLs
• Certificates issued by CA server to clients
When a client renews its certificate, the new certificate, along with old certificates, is stored in NVRAM. This decreases the NVRAM space. As more certificates are stored, the NVRAM space is exhausted and this brings down the CA server, which then is unable to retrieve certificates. Manual intervention is required to restore space in NVRAM and bring the CA server up again.
To avoid NVRAM space exhaustion and manual intervention to bring up the CA server, a new timer triggers the database cleanup event. The timer starts when the first certificate is issued, and the timer interval is based on the client certificate life time configuration in the CA server. The timer scans the database and removes expired certificates that are not required, thereby preventing the CA server from going down because of NVRAM exhaustion. The timer information is displayed in the output from the show crypto pki timer command. Note that the timer applies only when certificates are stored in NVRAM and the database level is set to “complete.” However, when NVRAM is used to store certificates and the database level is configured with minimum or names, there is no need to delete the expired certificates because the certificates do not consume much space.
The certificates in the CA server can also be deleted by using the no crypto pki server name command. the following warning appears, when you configure this command:
Device(config)# no crypto pki server ABC-CACA certificate, Keypair, CRL and database files will be deleted. Do you wish to continue? [yes/no]:
If “yes” is entered, all files are removed from the database.
For more information on commands, see the following documents:
Cisco IOS Security Command Reference: Commands A to C
Cisco IOS Security Command Reference: Commands S to Z
119New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
The auto-enroll feature helps the device to renew the router certificate when it expires. Sometimes, the router certificate may not be enrolled if the CA server is not reachable or if the client is shut down. The back off mechanism prevents the device from having an expired certificate by renewing the certificates. The certificates are renewed by continuous contact with the CA server at specific intervals by using the retry count and retry period keywords in the enrollment command.
When a device certificate expires, the back off mechanism does the following:
• Issues a fresh enrollment request and starts the default back off mechanism or follow the configured retry counts. This step is repeated to obtain a fresh certificate.
• The enrollment request does not contain expired certificate keys, if the trustpoint is configured with the regenerate command. The regenerate command assigns new keys. To issue an enrollment request with the expired certificate keys, do not specify the regenerate command.
The following example shows how to configure the retry count and period keywords:
Device(config)# no crypto pki server ABC-CA redundancy enrollment retry count 10 enrollment retry period 1 enrollment url http://ABC_CA:80 revocation-check crl auto-enroll 70 hash sha1end
The default retry count is 10. The following table provides information when the enrollment does not happen:
After the default retry count, the enrollment request is deleted. If the certificate expires, the 5-second interval is employed to reach the CA.
For more information on the commands, see the following documents:
Cisco IOS Security Command Reference: Commands D to L
Cisco IOS Security Command Reference: Commands M to R
Retry Timeout
1 1 minute
2 1 minute
3 2 minutes
4 5 minutes
5 10 minutes
6 20 minutes
7 40 minutes
8 60 minutes
9 90 minutes
10 120 minutes
120New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S
RFC4303 IP Encapsulating Security Payload (ESP) dummy packet for traffic flow confidentiality (TFC)
The RFC 4303 IP Encapsulating Security Payload (ESP) dummy packet for traffic flow confidentiality (TFC) feature provides RFC 4303 support in Cisco software. RFC 4303 describes two methods to hide the characteristics of traffic that is passing through an IPsec flow. The first method involves adding extra padding beyond the allowed maximum of 255 bytes after the payload data when using the Encapsulating Security Payload (ESP) protocol for traffic confidentiality. The second method involves adding extra "dummy" packets to the traffic flow. The generation and transmission of dummy packets is implemented in Cisco software through the RFC4303 IP Encapsulating Security Payload (ESP) dummy packet for traffic flow confidentiality (TFC) feature. A dummy packet is designated by setting the next header field in the ESP packet to a value of 59. The dummy packets are discarded when the packets are received by the device. The standard ESP header and trailer fields are present in a dummy packet. The payload (plain text) in the dummy packet contains zero which becomes random data after encryption. You can specify the time interval at which to generate the dummy packets. You can enable generating dummy packets globally using the crypto ipsec security-association dummy command or you can enable dummy packets for a crypto map using the set security-association dummy command. When enabled for a crypto map, dummy packets are enabled for all flows that are created using the crypto map.
For more information on commands, see the following documents:
Cisco IOS Security Command Reference: Commands A to C
Cisco IOS Security Command Reference: Commands S to Z
Secure CDP
For detailed information, see the following Cisco document:
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.10S.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.9S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.9S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 125
• Important Notes, page 134
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.9S:
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.2S, page 125
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.1S, page 126
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.0S, page 126
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.2S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.2S.
Cisco Systems, Inc.www.cisco.com
New and Changed Information
SFR Counter Support
Added support for collecting total L3 packets and total L3 bytes sent by client or server.
For detailed information, see the following Cisco document:
New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.0S
The following are the new software features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.9.0S.
ALG/AIC Serviceability
The ALG-AIC Serviceability feature performs packet filtering. When a packet matches the configured filters, debug messages are logged. The ALG-AIC Serviceability feature provides the following functions:
• Debugs a single traffic flow.
• Enables debug logs for specific application layer gateways (ALGs) and application inspection and control (AIC) policies.
The following commands were introduced or modified for the ALG-AIC Serviceability feature:
• show platform hardware qfp feature alg
• show platform hardware qfp feature td
• show tech-support alg
AppNav-XE
For detailed information, see the following Cisco document:
Note Beginning with the IOS XE 3.9 release, using NBAR advanced mode requires a license for AVC functionality. License details vary according to router model.
For detailed information, see the following Cisco document:
The IPSec Serviceability Debug feature enhances Cisco IOS XE software by improving the following areas:Packet tracing—Traces a packet through the data path and identifies the area where and why a packet was dropped.show commands—Provides accurate and relevant information in the command output. Cisco IOS XE software provide an easy means to locate feature specific commands.debug commands—Provides better control plane and data plane debugging.System trace files—Provides ability to log structured messages.
For more information on show commands, refer to the Cisco IOS Security Command Reference: Commands S to Z (http://www.cisco.com/en/US/docs/ios-xml/ios/security/s1/sec-s1-cr-book.html).
For more information on debug commands, refer to the Cisco IOS Debug Command Reference - Commands I through L (http://www.cisco.com/en/US/docs/ios-xml/ios/debug/command/i1/db-i1-cr-book.html).
IPv6 Destination Guard
For detailed information, see the following Cisco document:
The zone-Based Firewall Serviceability feature provides granular drop counters:
Prior to the introduction of the granular drop counters, only a globaldrop count was available. The granular drop counter provides more information about the reasons for packet drops, than the global drop count. See the show platform hardware qfp feature firewall drop command for more information about firewall drop counters.
The following commands were introduced or modified by this feature:
• show platform hardware qfp feature firewall
• show platform hardware qfp active feature firewall datapath
• show platform hardware qfp active feature firewall drop
• show platform software firewall
• show policy-firewall stats global
• show tech-support firewall
133New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.9S
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.9S.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.9S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 135
• Important Notes, page 147
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.8S:
• New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S, page 135
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S, page 136
New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S
The following are the new hardware features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S.
Cisco Systems, Inc.www.cisco.com
New and Changed Information
8 port clear channel T3/E3 SPA - SPA-8XT3/E3
For detailed information, see the following Cisco document:
Note The AVC solution is currently in limited availability (LA) to control customer adoption, gain more visibility about technical issues, and improve general usability for Cisco Prime Infrastructure throughout the LA period. To ensure the smoothest possible implementation, please contact the AVC support team at the following address as you plan your deployment: [email protected].
BFD Dampening
For detailed information, see the following Cisco document:
136New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S
3GPP Release 7 & 8 Support for GPRS Tunneling Protocol AIC
This feature provides support for the GPRS Tunneling Protocol (GTP) application inspection and control (AIC) parser upgrade according to 3rd Generation Partnership Project (3GPP) Technical Specification (TS) 29.060 release 7 and 8. All the configurations and restrictions that apply to the GTP AIC and Gateway General packet radio service (GPRS) Support Node (GGSN) pooling specifications also apply to this feature.
139New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S
The LISP Security (LISP-SEC) feature enables a set of security mechanisms that provide origin authentication, integrity, and anti-replay protection for map-request/map-reply mapping resolution exchanges.
For detailed information, see the following Cisco document:
Support for Algorithms in the Suite B Specification for IPSec by the On-Board Crypto Engine in Cisco ASR 1000 Series Aggregation Services Routers
The IPSec algorithms required by Suite B are now supported by the hardware crypto engine on the Cisco ASR 1000 Series Aggregation Services Routers that have embedded hardware-accelerated VPN encryption.
Suite B requirements comprise four user interface suites of cryptographic algorithms for use with IKE and IPsec, which are described in RFC 6379 and RFC 6380 respectively. Each suite consists of an encryption algorithm, a digital signature algorithm, a key agreement algorithm, and a hash or message digest algorithm.
Suite B provides a comprehensive security enhancement for Cisco IPsec VPNs, and allows additional security for large-scale deployments. Suite B is the recommended solution for organizations requiring advanced encryption security for the wide-area network (WAN) between remote sites.
For detailed information, see the following Cisco documents:
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S.
End-of-Sale and End-of-Life of the Cisco Traditional NetFlow Feature
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on the Cisco ASR1000 platform. Cisco will not have any future development, CLI support, TAC support, and documentation pertaining to the Cisco TNF feature beyond Cisco IOS XE Software Release 3.10.
Customers with the Cisco TNF feature on the Cisco ASR1000 platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) feature on the Cisco ASR1000 platform.
For details on transition to Cisco FNF, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.8S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
148New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.8S
OL-26698-25
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S. In addition, important notes about this release are also included.
This chapter contains the following sections:
• New and Changed Information, page 149
• Important Notes, page 158
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.7S:
• New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S, page 149
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S, page 150
New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
The following are the new hardware features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S:
Cisco Systems, Inc.www.cisco.com
New and Changed Information
Cisco ASR 1002-X Router
The Cisco ASR 1002-X Router is a 3-SPA, 2-RU chassis. The embedded services processor and route processor are integrated into the chassis. There are 6 small form factor pluggable (SFP) Gigabit Ethernet ports. The router provides a forwarding bandwidth of up to 36 Gbps. The Cisco ASR 1002-X Router supports all the general-purpose routing and security features of the Cisco ASR 1000 Series Aggregation Services Routers.
For detailed information, see the following Cisco document:
Cisco ASR 1000 Embedded Services Processor 100-Gbps
The Cisco ASR 1000 Series Aggregation Services Routers 100-Gbps Embedded Services Processor is a centralized forwarding engine option for the Cisco ASR 1006 and ASR 1013 Routers.
Note Availability of ASR1000 Series100-Gbps Embedded Services Processor is limited to those customers whose feature set profiles are validated and approved by the corresponding Cisco Business Unit.
For detailed information, see the following Cisco document:
The IOS-XE IPSec Debuggability Enhancements in IPsec VPN reduces the overall debugging effort for customers by modifying the debug platform hardware qfp active feature (IPsec) command and merging the output of several show commands into the output of the following commands that were modified for this feature: show crypto engine accelerator statistic, show crypto ipsec sa, show crypto ruleset, and show tech-support ipsec.
For more information, refer to the Cisco IOS Security Command Reference: Commands S to Z (http://www.cisco.com/en/US/docs/ios-xml/ios/security/s1/sec-s1-cr-book.html), and Cisco IOS Debug Command Reference, Commands M through R (http://www.cisco.com/en/US/docs/ios-xml/ios/debug/command/m1/db-m1-cr-book.html).
BGP—Attribute Filter and Enhance Attribute Error Handling
For detailed information, see the following Cisco document:
The PfR Syslog and Trap Enhancement feature introduces a new CLI command, trigger-log-percentage, that specifies the percentage of out- of-policy (OOP) PfR traffic classes that trigger a syslog. Enhanced error message descriptions are accessible from the Error Message Decoder tool.
For detailed information, see the following Cisco document:
The IS-IS Bidirectional Forwarding Detection (BFD) Tag Length Value (TLV) feature provides a faster method to detect a loss of an IS-IS adjacency. Before, when an IS-IS adjacency reached the UP state (and therefore could be used for forwarding), a BFD session needed to be established with that neighbor. Now, a BFD session is maintained as long as the hello holddown timer for the neighbor does not expire, which is new for BFD TLV. The BFD session is only deleted if the neighbor hello times out. If BFD signals to IS-IS that a session has gone DOWN, the adjacency associated with that session will transition to DOWN state. Once the BFD session goes back UP, the adjacency state can transition back to an UP state. For a given IS-IS topology, IS-IS determines if BFD is usable for a given neighbor on that topology. BFD is not usable when BFD is enabled on both sides and the BFD session is down. When there are multiple BFD sessions enabled for different address families, such as IPv4 and IPv6, if BFD is not usable for any address family, then BFD is consider not usable for the entire adjacency on that topology. For example, if both IPv4 and IPv6 BFD are enabled for single topology, if either the IPv4 BFD session is down or IPv6 BFD session is down, the neighbor state will be set to DOWN state. If BFD is not enabled for a given address family, then BFD is considered usable for that address family. For single topology mode, the neighbor state is down when either the IPv4 or IPv6 BFD session is not BFD usable, that is, if BFD is enabled on both sides and the BFD session is DOWN. If BFD is not enabled on either side, BFD will be set to TRUE. For multi-topology mode, IS-IS adjacency will be in UP state as long as any topology is UP . However, the neighbor for the topology where BFD is consider not usable is considered down for that specific topology. For example, if both IPv4 and IPv6 BFD are enabled, and the IPv4 session is DOWN and IPv6 session is UP, then the IS-IS adjacency is still UP. In this case, the IPv4 neighbor is considered DOWN and ipv6 neighbor is considered UP.
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S.
End of Sale and End of Life of Cisco Traditional NetFlow
Cisco announces the end-of-sale and end-of-life of the Cisco Traditional NetFlow (TNF) Feature on ASR1000 platform. Cisco will not have any future development, CLI support, TAC support and Documentation on the Traditional NetFlow (TNF) feature beyond the Cisco IOS Software release XE 3.10.
Customers with Cisco Traditional NetFlow (TNF) Feature on Cisco ASR1000 Platform are encouraged to migrate to the Cisco Flexible NetFlow (FNF) Feature on Cisco ASR1000 Platform.
For details on transition to Flexible NetFlow, see the Migrating from Traditional to Flexible NetFlow white paper:
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.7S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
160New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.7S
OL-26698-25
New Features in and Important Notes About Cisco ASR 1000 Series Aggregation Services Routers Release 3.6S
This chapter provides information about the new features introduced in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6S. In addition, important notes about this release are also included.
Note For information about the features in and important notes about releases prior to Release 3.6.0, see Cisco IOS XE 3S Release Notes.
This chapter contains the following sections:
• New and Changed Information, page 161
• Important Notes, page 169
New and Changed InformationThe following sections list the new hardware and software features that are supported by the Cisco ASR 1000 Series Routers for Cisco IOS XE Release 3.6S:
• New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.2S, page 162
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.2S, page 162
• New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.1S, page 162
• New Software Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.1S, page 162
• New Hardware Features in Cisco ASR 1000 Series Aggregation Services Routers Release 3.6.0S, page 162
Audio and Video SPA Supports High-Definition (HD) Video
Effective from Cisco IOS XE Release 3.6S, the WebEx Node SPA supports the WebEx WBS27SP32 version. This WebEx version supports both High Quality (HQ) and High-Definition (HD) Video on the Audio and Video SPA.
For detailed information, see the following Cisco document:
IPsec Feature License for Monitoring and Reporting
From Cisco IOS XE Release 3.6S onward, you can test IPsec features by activating the built-in evaluation license and accepting the End User License Agreement (EULA). You must activate this license and accept the EULA to ensure that the crypto commands associated with an interface are not blocked. For more information about this feature, see the Software Activation Configuration Guide, Cisco IOS XE Release 3S at the following location:
The zone-based policy firewall provides advanced traffic filtering or inspection of IPv4 and IPv6 packets. In Cisco IOS XE Release 3.6S and later releases, both IPv4 and IPv6 packet inspection are enabled by default. If you need to bypass the IPv6 packet inspection, you need to configure the pass action. The pass action passes the traffic from one zone to another. When the pass action is configured, the firewall does not inspect the traffic; it passes the traffic. In the IPv6 firewall, you must explicitly configure the pass action for the return traffic by defining a zone pair and a policy map with pass action.
For detailed information about the Zone-Based Policy Firewall IPv6 Support feature, see the following Cisco document:
Important NotesThe following sections contain important notes about Cisco ASR 1000 Series Aggregation Services Routers Release 3.6S.
Deferrals
Cisco IOS software images are subject to deferral. We recommend that you view the deferral notices at the following location to determine whether your software release is affected:
• Field Notices—We recommend that you view the field notices for Release 3.6S to determine whether your software or hardware platforms are affected. You can find the field notices at the following location:
Caveats describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This chapter includes severity 1, severity 2, and selected severity 3 caveats.
Note For information about the caveats pertaining to releases earlier than Release 3.6S, see Cisco IOS XE 3S Release Notes.
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
Note If you have an account on cisco.com, you can also use the Bug Search Tool to find select caveats of any severity. To reach the Bug Search Tool, log in to cisco.com and go to https://tools.cisco.com/bugsearch/product?name=Cisco+ASR+1013+Router#search (If the defect that you have requested is not displayed, it may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.) For details on how to use the Cisco Bug Search Tool, see “Using the Cisco Bug Search Tool” section on page 173.
The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:
Using the Cisco Bug Search ToolFor more information about how to use the Cisco Bug Search Tool, including how to set email alerts for bugs and to save bugs and searches, see Bug Search Tool Help & FAQ.
Note You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. If you do not have one, you can register for an account.
Step 1 In your browser, navigate to the Cisco Bug Search Tool.
Step 2 If you are redirected to a Log In page, enter your registered Cisco.com username and password and then, click Log In.
Step 3 To search for a specific bug, enter the bug ID in the Search For field and press Enter.
Step 4 To search for bugs related to a specific software release, do the following:
a. In the Product field, choose Series/Model from the drop-down list and then enter the product name in the text field. If you begin to type the product name, the Cisco Bug Search Tool provides you with a drop-down list of the top ten matches. If you do not see this product listed, continue typing to narrow the search results.
b. In the Releases field, enter the release for which you want to see bugs.
The Cisco Bug Search Tool displays a preview of the results of your search below your search criteria.
Step 5 To see more content about a specific bug, you can do the following:
• Mouse over a bug in the preview to display a pop-up with more information about that bug.
• Click on the hyperlinked bug headline to open a page with the detailed bug information.
Step 6 To restrict the results of a search, choose from one or more of the following filters:
Your search results update when you choose a filter.
Open and Resolved BugsThe open and resolved bugs for this release are accessible through the Cisco Bug Search Tool. This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products. Within the Cisco Bug Search Tool, each bug is given a unique identifier (ID) with a pattern of CSCxxNNNNN, where x is any letter (a-z) and N is any number (0-9). The bug IDs are frequently referenced in Cisco documentation, such as Security Advisories, Field Notices and other Cisco support documents. Technical Assistance Center (TAC) engineers or other Cisco staff can also provide you with the ID for a specific bug. The Cisco Bug Search Tool enables you to filter the bugs so that you only see those in which you are interested.
Filter Description
Modified Date A predefined date range, such as last week or last six months.
Status A specific type of bug, such as open or fixed.
Severity The bug severity level as defined by Cisco. For definitions of the bug severity levels, see Bug Search Tool Help & FAQ.
Rating The rating assigned to the bug by users of the Cisco Bug Search Tool.
Support Cases Whether a support case has been opened or not.
In addition to being able to search for a specific bug ID, or for all bugs in a product and release, you can filter the open and/or resolved bugs by one or more of the following criteria:
• Last modified date
• Status, such as fixed (resolved) or open
• Severity
• Support cases
You can save searches that you perform frequently. You can also bookmark the URL for a search and email the URL for those search results.
175Information about Caveats
OL-26698-25
Open and Resolved Bugs
176Information about Caveats
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.3S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.3S, page 177
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.3S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S, page 178
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S, page 180
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17.2S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Caveat ID Number Description
CSCuy96648 add a CLI to enable/disable per-filter counter
CSCvb01460 ASR 901 is crashing after 20mins of loading the latest XE316 image
CSCuz84796 NBAR does not support dialer interface support on IOS-XE
CSCuz22379 ASR1001-X "mcpcc-lc-ms" process high CPU
CSCva92726 AN: AN memory holding grows during longitivtiy test
CSCva29933 AN: ASR901 hangs after AN aborts setup dialogue
CSCuz76841 AN: ISR-G3 crashes after disabling autonomic
CSCva49849 AN: Nbr/ACP flap continuously when a rouge device tried to join
CSCuz88340 AN: ULA is configured on ANI & same ANI used for multiple neighbors
CSCuz74838 IOS-XE / Polaris Router Crashes When SNMP Polls CISCO-STP-EXTENSIONS-MIB
CSCuz56699 ISR 4k Paging over SIP / FXS phones have no audio
CSCuz96173 CFM RDI bit not clearly automatically after node reload
CSCuz80158 ISSU:XE316->XE314:IOSd Core@ecfm_get_evc_count during unconfig
CSCuz80524 RP_0_linux_iosd-imag crash in ASR920
CSCva91655 FIB recursive loop crash
CSCuz61109 Self ping to port channel sub interface dropped with LISP decap log
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.6(1)S2
Status Fixed
178Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S, page 183
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S, page 185
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.5(2)S
Status Fixed
Identifier Description
CSCut68825 PFRv3: unexpected byte loss reported due to TCP packet flow out of order
CSCuv82778 PfRv3:CPP code crash with multiple ssrc per rtp flow
CSCuv79776 Router with Pfr feature crashed at cpp_free_exmem
CSCuu50189 ASR1K reported %LSMPI-4-INJECT_FEATURE_ESCAPE for PPPoE data packet
CSCuu13292 ASR1k ucode crash at ipv4_esf_portbundle_forus
CSCuv46318 ESP100 cpp_cp_svr crash issue due to invalid stats_sbs_entry data
CSCuv66011 ESP100: cpp_cp_svr crashed in function cpp_ess_ea_is_vsi_valid
CSCuj15099 ISG doesn't preserve PBHK port maping in lite to dedicated sesssion
CSCuv39347 bfd flapping on ISR4321 if monitor long time
CSCuv80911 change BFD timer granularity to 3ms for USD
CSCuv52648 ESP memory leak under cpp_cp_svr due to BFD feature
CSCuv61799 ASR1000 power supplies require SW debounce of PWR_OK signal
CSCuu55787 ASR1001-X: Router fails to come online with No Service Password Recovery
CSCuv14195 ASR1006-X and ASR1009-X Need to have RP2 CPLD upgrade support
CSCuu30999 Asset ID write not working on pluggable spa of Nightster
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
186Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.17S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.5S
This section lists the caveats fixed in Cisco IOS XE Release 3.16.4bS, which is a special release:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.5S, page 187
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.5S, page 194
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.5S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4bS
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4bS
This section lists the caveats fixed in Cisco IOS XE Release 3.16.4bS, which is a special release:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4bS, page 198
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4bS
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
CSCuv21984 Fair-queue queue-limit force adjust after change queue-limit.
CSCva95830 HQF not cleaned after invalid policy applied to vlan-manual GEC subintf
CSCuo15355 IWAN::AQOS: US7069 and issues found applying CLI at Hub
CSCvb82800 SRST Voicemail "vm-integration" command set missing from IOS-XE and 4k platform
CSCvb82039 ISR4331 as IP SLA Responder RTT value not correct in milliseconds
CSCuy62751 SADT throws Warnings more than one time for more iterations
CSCvb96130 Bounce/flap GRE p2p tunnel with cts causes routing to stop
CSCvb94261 Crash at fill_trap_timestamp_varbind when adding ports to MLACP
CSCvc72602 3.16.4 : Prepaid feature not installed if applied on service-stop evt
CSCvc29826 Crash with timed policy process timer expiry exception
CSCvb72458 Router repeatedly crashing with "%UTIL-3-TREE: Data structure error"
CSCva08142 IOSd crash on LISP enable router
CSCvb68201 DHCP relay option 82 for native vlan interface not working on ios-XE
CSCvb82446 voice-class busyout command removed after reload
CSCvc56866 ISR4xxx router crashed due to voice IVR script - AFW_application_process
CSCuy73642 Calls failing intermittently with cause code 47 on 4451 router
CSCvb97638 CCSIP_SPI_CONTROL memory usage leads to crash
CSCuz44452 EPA-10X10GE: Packet drops and CRCS are seen at very cold temperatures
Caveat ID Number Description
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
198Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS, page 199
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS, page 207
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.4aS
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Releases 15.5(3)S4b
Status Fixed
Caveat ID Number Description
CSCvb56102 Prime3.1.4:Topology not shown on PfR monitoring page on prime
CSCva99657 Dreamliner: reverse mac ppm ajustment causing issues on 2% boards
Field Name Information
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.5(3)S4a
Status Fixed
Caveat ID Number Description
CSCvb49344 AWS CSR: HA python script broken in container
CSCvb51688 stile_dns_parser may cause sporadic crashes
CSCva73821 ASR1K O/P session classifier counter not updating with L2TPv3 + PPPoE
CSCuz05035 ASR1K: L2TPv3 + PPPoE client scenario not working
CSCva13738 ISR4k dose not send SOLICIT msg in DHCPv6-PD over PPPoE
CSCva29616 ASR1k crash when BFD session came up triggered by OSPF
199Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S, page 211
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S, page 218
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.3S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
CSCva95830 HQF not cleaned after invalid policy applied to vlan-manual GEC subintf
CSCuo15355 IWAN::AQOS: US7069 and issues found applying CLI at Hub
CSCva43719 "auto ip sla mpls-lsp-monitor" crashes with watchdog
CSCuy62751 SADT throws Warnings more than one time for more iterations
CSCvb16098 ISG:PMIPV6 subscriber awareness ipv4 to ipv6 => subscriber unstable
CSCva08142 IOSd crash on LISP enable router
CSCue25168 TPM reserves UDP/4500 for no apparent reason
CSCvb26045 missing "virtual-service install" command on ISR4k
CSCuy73642 Calls failing intermittently with cause code 47 on 4451 router
CSCvb24266 ISR 4K Crashes When Running "Debug Voice Translation"
CSCva37722 ISG Accounting Accuracy is not worked on disconnecting PPP from client
CSCuz44452 EPA-10X10GE: Packet drops and CRCS are seen at very cold temperatures
Caveat ID Number Description
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.5(3)S3
Status Fixed
Identifier Description
CSCuy21675 Crash@username_command with service pwd-encryption & common-criteria cfg
CSCuy46133 IOS-XE unable to parse automate-tester cmd after save, gone after reload
211Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2bS, page 223
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S, page 223
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S, page 223
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2bS
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.2S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Identifier Description
CSCuz54836 ASR1002-X with harddisk installed stuck in crash and reboot cycle
CSCuz65079 SIP40: Support for new revision MPC8548 Rev.E CPUs
Identifier Description
CSCux75028 ASR1k ucode crash at fnf_aor_flow_extrfield_list_free
CSCux43407 router console hang and later crash - sensor related
CSCuu76585 Error with 32K VLAN configured on Single EPA
CSCux59115 ASR1002-X Crash with dpidb_tableid_params_initialize
CSCuv59014 ASR1k ROMMON: Vulnerability in package codesign validation
CSCuu75086 ROMMON should use the revocation key offered by the secure boot FPGA
CSCux56486 Rommon version 15.5(3r)S1 will not allow booting packages.conf
CSCuv29137 Tracebacks noticed @ "fman_identity_hw_secondary_init" function
CSCux77255 ISR 4K - srtp ucode crash
223Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS
This section contains the following topics:
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS, page 225
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS, page 225
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS
All open bugs for this release are available in the Cisco Bug Search Tool through the Open Bug Search.
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.16.1aS
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Identifier Description
CSCuw47720 ASR1001-X Mgmt port negotation issue with peer device
CSCuw67873 Router crashed when enabling port monitoring
CSCuu76585 ArgusX- Error with 32K VLAN configured on Single EPA
CSCuw70220 IOSXE PACTRAC: cpp crash when packet trace enabled for MPLS and SSLVPN
CSCuu75086 ROMMON should use the revocation key offered by the secure boot FPGA
CSCuv88263 ASR1001-X TenGig port fails to come up
CSCuv29137 Tracebacks noticed @ "fman_identity_hw_secondary_init" function
CSCuw49281 webui transport configuration caused router to crash
CSCuw74399 %SYS-2-BADSHARE: Bad refcount in pool_enqueue_cache
CSCuw36887 Crash with with Flexible Netflow enabled
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.5(3)S1
Status Fixed
225Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.16S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S, page 242
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S, page 249
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.15S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.5(2)S
Status Fixed
Identifier Description
CSCek10384 7200 NAT dropping Out to In ESP Packets
CSCtw74124 ASR1002-X/SIP-40G/ASR1001-X:sh plat..plim buf set:Fill Status Max:Not fn
CSCub50654 Connected Number not forwarded from ISDN to SIP
CSCud67560 Rotate Command for Trace files does not rotate PMAN Logs on FRU
CSCuh17896 show crypto gdoi ks policy causes CPU hog and traceback with 100 ACEs
CSCui62452 Issues with 'silent-discard untrusted' CLI
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S, page 258
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S, page 262
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.14S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7aS
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7aS, page 267
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7aS
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S, page 268
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S, page 269
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.7S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Caveat ID Number Description
CSCvc95168 ASR1001-X 1G GigE Ports do not Link up with RevB L1 PHY
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(3)S7
Status Fixed
Caveat ID Number Description
CSCvb30256 ASR1000-2T+20X1GE: More than 1Gbps traffic is reported on 1GE port
CSCvb49832 ASR1k-ELC- XCVR disabled after router reload and interface is down
CSCva23372 L2-EoGRE:fman-fp crash when config VE instance with untagged encap
CSCuz75265 ASR1k: "sh plat software peer interface-manager rX" missing some info
CSCux68796 IOS-XE Router - High CPU When Handling get-next on "entStateStandby" MIB
CSCuz22379 ASR1001-X "mcpcc-lc-ms" process high CPU
CSCvb36753 Ingress Unicast traffic not received on the BDI.
CSCvc48813 BQS unable to resume processing leading to pending objects constantly increasing
CSCvb16588 idx out of range cpp_qm_event_sch_data
CSCvb76638 POLARIS 16.4: fman_fp and cpp_cp core files seen with L3VPN profile
CSCvb54111 VPDN sessions unablle connect with "Dataplane down" error
268Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6bS
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S, page 271
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S, page 272
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.6S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(3)S6b
Status Fixed
Caveat ID Number Description
CSCvc95168 ASR1001-X 1G GigE Ports do not Link up with RevB L1 PHY
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(3)S6
Status Fixed
271Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S, page 273
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S, page 274
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5aS
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.5S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(3)S5a
Status Fixed
Identifier Description
CSCuz54836 ASR1002-X with harddisk installed stuck in crash and reboot cycle
CSCuz65079 SIP40: Support for new revision MPC8548 Rev.E CPUs
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(3)S5
Status Fixed
Identifier Description
CSCuw89522 ASR IOSD crash because of AVC feature
CSCuw13407 PfRV3: transport bytes expected counters overflow and not expected
CSCuv79776 Router with Pfr feature crashed at cpp_free_exmem
CSCuw30599 ISR4331-B: traceback occured when enabling Ethernet Data Plane Loopback
CSCuv84600 Netflow packets are dropped when EPC is enabled
273Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S, page 275
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S, page 277
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
CSCux59115 ASR1002-X Crash with dpidb_tableid_params_initialize
CSCux93176 ASR1k:stby RP stuck while bootup
CSCur48133 ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error
Identifier Description
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(3)S4
Status Fixed
Identifier Description
CSCuu50189 ASR1K reported %LSMPI-4-INJECT_FEATURE_ESCAPE for PPPoE data packet
CSCuu13292 ASR1k ucode crash at ipv4_esf_portbundle_forus
CSCuv46318 ESP100 cpp_cp_svr crash issue due to invalid stats_sbs_entry data
CSCuj15099 ISG doesn't preserve PBHK port maping in lite to dedicated sesssion
CSCuv52648 ESP memory leak under cpp_cp_svr due to BFD feature
CSCuu55787 ASR1001-X: Router fails to come online with No Service Password Recovery
CSCuu30999 Asset ID write not working on pluggable spa of Nightster
CSCut82336 ASR1002-X: Handle leap second in ToD IN
CSCut65374 PTP Leap Second: ASR1002-X incorporate leap second addition 6/30/15
CSCuu14809 Byte counters display incorrect value for multicast traffic over sub-int
CSCur24793 l2protocol forward not work for STP, LLDP, PPTPv2 and E-LMI in EVC
CSCuu85007 split-horizon group communication failure
275Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.4S
All open bugs for this release are available in the Cisco Bug Search Tool.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S, page 277
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S, page 278
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.3S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
CSCuv56368 dpss: dynamic class add/delete will cause router malfunction
CSCuv25212 ucode crashes with Fair Queue and FNF export is configured
Identifier Description
Identifier Description
CSCuw41346 ESP packets discarded during re-key with static NAT on ASR1k
CSCup57389 Traffic drops while testing VRF Lite coexistance with SP NAT for LNS
CSCur48133 ATM 3xOC3 SPA failed to program with IFCFG_CMD_TIMEOUT error
CSCup91567 ASR1001-X boot-loops with CMCC crash and XGM MAC10 block errors
CSCuu14810 LNS Setup Rate takes over one hour for 58K sessions (copy of CSCut20591)
CSCuv36911 ASR1K active CGN ESP200 may crash when the CGN standby realoded
CSCuv02537 ASR1K ESP200 reload in a B2B CGN NAT scenario with PAP+BPA
CSCuv82003 Router crash on updating/deleting route-map for static NAT
CSCuw36887 Crash with with Flexible Netflow enabled
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
277Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S, page 279
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S, page 281
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.2S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
CSCut03205 SPA modules on ASR1002-X show "missing" under show platform output
CSCuu24757 ASR 1000 QFP leak with cpp_sp_svr at module FM CACE
CSCuo51601 ISR 4400 - Traffic incorrectly forwarded through class class-default
Identifier Description
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(3)S2
Status Fixed
Identifier Description
CSCus32530 ASR 1000 Series Routers, ESP crash in internal L4R removal feature routine
CSCuq75633 BFD down sent from ASR5500 is not recognized by ASR 1000, still sending UP
CSCur53837 ASR 1000 Series Routers: SIP can't be re-enabled with 'no hw-module slot X shutdown'
CSCuq43357 ASR 1000 Series Routers - Y1731 Frame Delay Measurement is broken
CSCur70037 ASR 1000 Series Routers-Frames>1518 not dropped by QFP with default MTU config on Gig port
CSCun32287 SW: ASR1002-X ifHCInOctets can decrease before wrapping around
CSCus03277 ASR 1000 Series Routers: Ucode core file seen with EVC L2 Bridging in MCP_DEV
CSCuq70681 Host DB timer corruption causing firewall crashes on ASR 1000 Series Routers
CSCuq31464 IOS-XE 3.13S "fman_fp_image" Kernel memory leak due to “fw-zone-pair”
CSCur09782 XE3.13 ZBFW bulk sync to bypass self-zone sessions
279Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S, page 282
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S, page 284
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13.1S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Identifier Description
CSCus32530 ASR 1000 Series Routers ESP crash in internal L4R removal feature routine
CSCuq67798 XE3.13 Mcast Service Reflection: IpFormatErr packet drop seen in KP
CSCuo77017 TCAM resource has not been released after 32K EFP is deleted
CSCus22393 ASR 1001 Routers- fman_fp_image crash in DMVPN environment
CSCus13106 Error in generating keys: no available resources
CSCuj55363 lispgetVpn traffic is dropped when getvpn profile is applied in WAN interface
CSCus15668 ASR 1000 Series Routers/03.07.06 forwarding delay has increased drastically with NAT
CSCup57389 Traffic drops while testing VRF Lite coexistence with SP NAT for LNS
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: The device reload when we grant certificates. crypto pki server <> grant all
Conditions: This symptom is observed when configured for crypto
Workaround: There is no workaround.
• CSCtz50465
Symptom: ISSU between incompatible images goes through.
Conditions: This symptom occurs for images between ISSU-break.
Workaround: There is no workaround.
• CSCtz59512
Symptom: Call threshold counter on an interface is not cleared. Seen in the output of "show call threshold status" command.
Conditions: IOS voice gateway with interfaces enabled to use the Call Threshold feature. Call is established over an interface and routing changes cause the disconnect message to be received on a different interface on the gateway.
Workaround: Reload the gateway to clear it permanently. or If not over a gigabitethernet interface, issue the "clear call threshold interface <interfacetype> <port>" command to clear the call.
• CSCtz97771
Symptom: During regular operations, a Cisco router running Cisco IOS release 12.4(24)T and possibly other releases experiences a crash. The crash info will report the following: %SYS-2-FREEFREE: Attempted to free unassigned memory at 4A001C2C, alloc 4180794C, dealloc 417616B0, %SYS-6-BLKINFO: Attempt to free a block that is in use blk 4A001BFC, words 134, alloc 4180794C, Free, dealloc 417616B0, rfcnt 0,
Conditions: This symptom is not observed under any specific conditions.
Workaround: There is no workaround.
• CSCua58402
Symptom: On recieving 200 OK with PAI, the connected number sent on the ISDN leg is the original called number and not the phone number answering the call.
Conditions: When remote-party-id is dislabed under sip-ua
Workaround: Enable remote-party-id under sip-ua
• CSCub72573
Symptom: encpas counter in "show crypto ipsec sa" may occasionly show incorrect value
Conditions: IPSec tunnels configured and used on the device
Workaround: There is no workaround
• CSCue23898
Symptom: A Cisco router running Cisco IOS Release 15.3(1)T may crash with a bus error immediately after issuing the 'write memory' command. Example: 14:44:33 CST Thu Feb 14 2013: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x228B2C70
Conditions: This symptom occurs while updating the router's running configuration with the 'write memory' command. It has been seen while updating various different commands such as, those under 'call-manager-fallback' ip route statements interface sub-commands
Workaround: There is no workaround.
• CSCue76929
285Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: enhance crypto-engine packet drop cause
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCuf44203
Symptom: AFW memory corruption
Conditions: AFW process crashes, when Request URI or other header string is of size greater than 1k
Workaround: N/A AFW process crashes, when string retrieved from container is of size greater than 1k. Mempool is created with 1k chunk size. Refer to CSCue97118.The issue is resolved in sip stack for this scenario. However we may hit this issue in AFW for some other corner cases (stress tests).
• CSCug72872
Symptom: Router outputting %SCHED-3-THRASHING: Process thrashing on watched queue 'Crypto IPC'. -Process= "Crypto IKMP", ipl= 6, pid= 360 followed by a traceback
Conditions: Was observed both on ASR and ISR during an OCSP revocation check for a revoked certificate during an GDOI registration. Might affect regular ISAKMP connections too.
Workaround: enabling path-mtu-discovery on the router with : ip tcp path-mtu-discovery has given good results.
• CSCuh07579
Symptom: An ISR/ISRG2/ASR router configured in a DMVPN setup may fail to create SAs during a rekey or new tunnel establishment.
Conditions: This symptom is observed when the router is configured as a DMVPN hub or spoke.
Workaround: There are no known workarounds. Try reloading the router to recover from the failure state. (Please note: the router may still run into this condition after a reload).
• CSCuh87195
Symptom: A crash is seen on a Cisco router.
Conditions: The device crashes with gw-accounting and call-history configured. The exact conditions are still being investigated.
Workaround: Perform the following workaround:
1) Completely remove gw-accounting
2) Disable call-history using the following commands: gw-accounting file no acct-template callhistory-detail
• CSCuh89946
Symptom: Customer may see the following error messages: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level %SYS-2-MALLOCFAIL: Memory allocation of 80 bytes failed from0x5CEEBCC, alignment 0 Pool: Processor Free: 196745624 Cause: Interrupt level allocation Alternate Pool: None Free: 0 Cause: Interrupt level allocation -Process= "<interrupt level>", ipl= 3, pid= 147 %IPMCAST_RPF-3-INTERNAL_ERROR: An internal error has occured while obtaining RPF information (No memory available to create pathinfo for RPF lookup)
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCuh95602
286Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: Self bound traffic dropped by firewall
Conditions: NAT64 is configured and traffic is sent from IPv6 client (in) to IPv4 egress interface of UUT (self)
Workaround: There is no workaround.
• CSCui21549
Symptom: When CUBE received malformed form header it crashed
Conditions: This IEC error would be seen while processing incoming SIP REFER for call transfer along with local consumption of REFER ('no supplementary-service sip refer' CLI) i.e CUBE is consuming REFER locally and generating INVITE to transfer target.
Workaround: There is no workaround.
• CSCui48606
Symptom: 3925 voice xml gateway crashed
Conditions: vxml configured: vxml tree memory 500 vxml version 2.0
Workaround: There is no workaround.
• CSCui59927
Symptom: A memory leak is observed on a Cisco device due to IPSec which causes free memory to deplete to an extent where the device becomes unreachable.
Conditions: This symptom occurs when IPSec scaling is high.
Workaround: Reduce scaling of IPSec sessions.
• CSCui70561
Symptom: Low performance for AVC 2.0 on ESP100 setup
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCui75238
Symptom: WIll see the memleaks when trying to use https application
Conditions: Leaks will seen only when trying to use https applications like webauth, web_exec etc over secure communication (https)
Workaround: Disable https(secure communication) and use http for http request.
• CSCui80379
Symptom: Can not update audio file using the "audio-prompt load" command.
Conditions: Using the B-ACD TCL scripts and loading the audio files from the local flash.
Workaround: Reload router.
• CSCui81336
287Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: After reload of DMVPN spoke fails MM-Key Exchange. Hub will show CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from x.x.x.x failed its sanity check or is malformed
Conditions: 1921 IOS router Use the ; character at the beginning of the master encryption key. i.e. key config-key password-encryption <enter> new key:;cisco123 confirm key:;cisco123
Workaround: Change the key so that ; is not the first character. #key config-key password-encrypt Old key:;cisco123 New key:cisco123 Confirm key:cisco123
• CSCui95762
Symptom: EoMPLS performance downgrade
Conditions: On RP1/ESP10
Workaround: There is no workaround.
• CSCuj12588
Symptom: show crypto gdoi group <group-name> gm pubkey shows all groups instead of the group indicated in the command.
Conditions: GM has more than 1 group configured.
Workaround: There is no workaround.
• CSCuj19293
Symptom: Bindings are present after unconfiguring Static NAT mappings
Conditions: This symptom is observed after reboot.
Workaround: Issue the command clear crypto gdoi after the reboot.
• CSCuj28444
Symptom: ASR1K:fn_crl_checking: Failed to clear gms database from KS.
Conditions: ASR1K:fn_crl_checking: Failed to clear gms database from KS.
Workaround: There is no workaround.
• CSCuj85340
Symptom: Enhancement request to improve datapath IPSEC debugs in XE3.11 and above
Conditions: Use of datapath IPSEC debugs
Workaround: There is no workaround.
• CSCuj87392
Symptom: IPSEC event-tracer messages can't be used for troubleshooting since most of them have no contextual information avalaible [ peer ip or sesssion ID]
Conditions: Troubleshooting ikev2 networks by leveraging ipsec event-trace
Workaround: Uses ipsec debugs instead when ever it's possible
• CSCuj91923
288Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: After adding SCCP/DSPFarm configuration and reloading the router, the NMS device reports that a configuration change has occurred because the config is displayed in a different order. This causes false alarms on the NMS.
Conditions: -IOS router with SCCP and DSPFarm configurations -Tested on 15.1(4)M and later -Other IOS versions are affected too.
Workaround: There is no workaround.
• CSCuj92813
Symptom: instead of triggering modem passthrough in srst mode modem relay is been triggered
Conditions: ios gateway runninbg 151-4M6 and modem passthrough configured for fax
Workaround: Remove the V.150.1 Modem relay configuration at VG2xx by configuring "no stcapp register capability <port>" and restart the SRST and VG2xx so that SRST does not remember the earlier MR capability of VG and it gets the fresh VG device capability which would be Modem paasthru with ?no stcapp register capability <port> ? configuration at VG.
• CSCuj94274
Symptom: Crypto Routes not getting populated under proper heading
Conditions: crypto route must get populated in proper vrf headings
Workaround: There is no workaround.
• CSCuj96595
Symptom: CUBE receives incoming SIP reinvite (due to SIP session refresh) and changes SDP version although there is no change in SDP attributes SDP version changes from 8863 to 8864
Conditions: Setup where this issue has been seen Rightfax - CUCM -- CUBE -- SIP SP
Workaround: There is no workaround.
• CSCuj97103
Symptom: Hung FPI sessions
Conditions: When doing multiple call transfers with REFER
Workaround: There is no workaround.
• CSCuj99605
Symptom: When a long very long Refer-To header is received, router crashes
Conditions: Long Refer-To header
Workaround: There is no workaround.
• CSCul02583
Symptom: Payload verification failed for fax calls not received fax calls
Conditions: TGW is sending re INVITE due to not receiving fax
Workaround: Do not use trancoded call.
• CSCul06522
Symptom: IOS routers can sometimes create duplicate IPSec SA pairs. This decreases platform scalability. Traffic flow is not affected.
Conditions: This was observed in IOS 15.2(4)M4, 15.2(4)M5, 15.3(3)M1. Other versions can be affected as well.
Workaround: There is no workaround.
289Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCul17089
Symptom: Video call legs are not displayed when video call is active
Conditions: Issue is seen when 2 Phones are in a video call over SIP Trunk
Workaround: There is no workaround.
• CSCul19668
Symptom: Crypto Map Leak seen
Conditions: Bring up a crypto session and delete it
Workaround: There is no workaround.
• CSCul33043
Symptom: Unable to get a DSP resources for a Transcoded call.
Conditions: During mid-call when there is a change in codec or DTMF or Hold/Resume with SRTP-RTP call then this issue will be seen. This is applicable only with LTI transcoding.
Workaround: There is no workaround.
• CSCul41263
Symptom: Midcall REINVITE is passed through when the UCM side puts a call on hold from a Video capable device.
Conditions: A video capable Device connects an audio only call via the ASR CUBE where the UCM facing dial-peers have " voice-class sip midcall-signaling passthru media-change" configured.
Workaround: If the calls routing via UCM to ASR CUBE does NOT require video capabilities, modify the SIP Trunk's Region settings on the UCM where it doesn't allow any video Bandwidth so the capabilities will never be transmitted to ASR.
• CSCul46066
Symptom: Hung Calls with SIP SPI with Refer Consume Load
Conditions: Description: observing hung calls with Refer Consume CVP load test. Hung calls observed with SIP SPI Steps to reproduce: 1. Configure max connection with 3 Refer to Dial-peer & outbound dial-peer towards CVP. 2. Run Load with 1000 calls for few hours. CPS: 10 CHT: 100 secs Total Number of active calls : 750 Issue observed with max-conn with multiple dial-peers
Workaround: Use dial-peers without max-conn
• CSCul48967
Symptom: After switch over to standby , IF-MIB count for cvCallVolMediaOutgoingCalls OID is less.
290Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Conditions: FPD bundled upgrade
Workaround: There is no workaround.
• CSCul68429
Symptom: FP crash while testing PPoE sessions
Conditions: Applying nat settings to CGN mode
Workaround: There is no workaround.
• CSCul69060
Symptom: On configuring the telephony-service for the first time onto the router, IP phones do not register despite of the correct configuration on the voice gateway. We have also seen where after a restart the same issue occurs where the IP phones fail to restart however the gateway is configured correctly. This can also happen with SRST fallback using port 2000.
Conditions: Configuring Telephony-service for the first time on the router or after a router restart. Device tested with a 2901 and 2851 running IOS version 15.1(4)M6. IP phones can be any IP phone where they are trying to register on port 2000
Workaround: 1. Under 'telephony-service' run a shut/no shut and check that the port has been opened. OR 2. under "Telephony-service" run "no ip address .. " and then re-configure the same ip address again. run 'show control-plane host open-ports' and check for port 2000 and the IP of CME.
• CSCul69623
Symptom: A PKI client (ASR router) fails auto renewal of the certificate if 'auto-enroll regenerate' is configured in the trustpoint.
Conditions: A router configured with a trustpoint that has regenerate enabled and a 'usage' key being used for the trustpoint.
Workaround: Remove the regenerate keyword.
• CSCul69990
Symptom: when flapping mpls mldp with scale v4 setup, the lspvif interface disappears in "show ip mfib" output, and packets are dropped.
Conditions: mldp flapping.
Workaround: There is no workaround.
• CSCul70801
Symptom: BADPAIR message generated .
Conditions: During DTMF interwork change
Workaround: There is no workaround.
• CSCul72683
Symptom: Callers receiving general voice-mail greeting when forwarded to CUE voice-mail
Conditions: If one "voice register dn" is forward all, or, forward unregistered to another voice register DN that is also forward all or forward unregistered to CUE voice-mail, there is no Diversion header in the SIP INVITE to CUE. This results in CUE returning the general voice-mail greeting.
Workaround: There is no workaround.
• CSCul77933
Symptom: The Shadow timer is not seen on the standby router. Even if we make the standby router active, the timer does not start.
291Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Conditions: Two routers in HSRP configured as CA servers in redundancy with auto rollover configured as described in http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/configuration_guide__c07_621400.html
Workaround: In case the Standby router becomes Active, Auto-rollover would not work as the Shadow certificate generation timer is not seen on it. In such a case, we may manually rollover the CA server on the Standby router (now Active) to generate the Shadow CA certificate and the Shadow keypair. To manually rollover, run the command: "crypto pki server server_name rollover".
• CSCul81353
Symptom: ASR1006 with RP2 running ES version based of Version 15.3(1)S crash with Segmentation Fault
Conditions: This symptom is observed after two weeks of uptime and during normal load condition.
Workaround: Workaround is to reboot the box to recover from the situation.
• CSCul81777
Symptom: On an ASR1000 series router, the ESP can crash when packet trace is enabled.
Conditions: Conditional debug and packet-trace is enabled.
Workaround: There is no workaround.
• CSCul83474
Symptom: ESP crash
Conditions: Seen when executing "no ip cef load-sharing algorithm include-ports destination" with high throughput about 10Gbps
Workaround: There is no workaround.
• CSCul85526
Symptom: When we add multiple ports on the crypto acl on the primary KS the GM gets the acl without the ports. No syslog is generated on KS1 to show it does not support them and a new TEK is generated.
Conditions: Happens at all times.
Workaround: This is not a supported feature and it should not be used.
• CSCul86249
Symptom:For MPLSoDMVPN/FlexVPN feature specific G-ACh (Generic associated channel) type number need to be allocated by IETF for NHRP. Currently an experimental number is used. A CLI will be provided to configure the G-ACh type number so that the same can be configured on the old routers when we have specific G-ACh type number allocated for NHRP. refer RFC5586 MPLS Generic Associated Channel
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCul86992
Symptom: 894X show UTC time instead of configured olson timezone. 894X SCCP phones uses tzdatacsv.csv and not tzupdater.jar as Olson timezone database but on configuring Olson time-zone CME updates the 894X phone configuration file with tzupdater.jar instead of tzdatacsv.csv. Sample erroneous configuration file for 894X: <tzdata> <tzolsonversion>2013g</tzolsonversion>
292Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: On a GETVPN KS (Key Server), if there is a registration interface configured for the GDOI group, then GM registration to that group will fail with the following log message reported on the KS: %GDOI-1-UNREGISTERED_INTERFACE: Group getvpn-grp received registration from unregistered interface
Conditions: A registration interface is configured on the Key Server.
Workaround: Remove the registration interface configuration from the Key Server.
• CSCul89581
Symptom: Supervisor not able to monitor Agent conversation Remotely where CCE-CVP at higher version and RSM at 9.1(1)
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCul89998
Symptom: c3900 as RSVP agent crashed "%SYS-6-STACKLOW: Stack for process SCCP Application running low, 0/12000"
Conditions: IOS Image: 153-3.M1 CUCM Image: 10.0.1.10000-24 C3900 router configured as RSVP-Agent for CUCM feature e2eRSVP crashed under extended traffic load (3 days). The traffic was running at a rate of 250 concurrent RSVP sessions. Topology: Phone-A----------(Cluster-1)----------- SIP Trunk ------------(Cluster-2)--------Phone-B | | | | | sccp sccp | | | | | RTP------------(RSVP-Agent1)---------- IP/RSVP---------(RSVP-Agent-2)---- rtp Cluster-1 CUCM controls rsvp-agent-1 [c3800] Cluster-2 CUCM controls rsvp-agent-2 [c3900] --> Calls are made between Cluster-1 and Cluster-2 in both directions. Type of calls: Basic, and supplementary Services (Hold-resume, Transfers, Conferences)
Conditions: Handling and Printing Multiple subscribe messages
Workaround: Don't Enable Debugs
• CSCul94606
Symptom: Standby CUBE crashed while handling Agent transfer.
Conditions: This symptom is observed when an agent transfers the call to another agent.
Workaround: There is no workaround.
• CSCul96190
Symptom: MDR RECONCILE: Failed to complete WARM sync
Conditions: During ELC MDR
293Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: There is no workaround.
• CSCul96421
Symptom: Outbound calls over SIP trunk to provider fails.
Conditions: SIP IP phone (99xx) ------> CME ---------> SIP Trunk --------> ITSP Cisco IOS - 15.3(3)M and 15.4(1)T versions.
Workaround: Downgrade Cisco IOS version to 15.2(4)M.
• CSCul96470
Symptom: CUBE crashed doing a "per-call shut".
Conditions: This symptom is observed when you configure CUBE for PCD buffer logging.
Workaround: There is no workaround.
• CSCul96947
Symptom: Traceback appears on standby RP during SPA OIR
Conditions: T1 channels are configured. Then a random t1 channel is deleted and spa soft oir is done.
Workaround: There is no workaround.
• CSCul97893
Symptom: In an IOS PKI HA setup, when the CA server is deleted on the Active router, the Standby router also prompts for confirmation, if logged in through Console. The following prompt is observed: % CA certificate, Keypair, CRL and database files will be deleted. Do you wish to continue? [yes/no]: Ideally, this should be seen on the Active router only. If the administrator is logged in through SSH or TELNET, the prompt is not seen and the CA server is not deleted on the Standby router.
Conditions: Two routers in HSRP (running 15.4(1)T or higher)configured as CA servers in redundancy as described in http://www.cisco.com/en/US/customer/prod/collateral/iosswrel/ps6537/ps6586/ps6638/ps6664/configuration_guide__c07_621400.html and the CA server is deleted on the Active router.
Workaround: When deleting the CA server on the active router, log on to the standby router as well, and answer 'yes' on the Standby router.
• CSCul98774
Symptom: ASR1K DSP MIB "cdspCardObjects" are not working after the RP2 switchover happens for various reasons.
Conditions: When RP switch over happens.
Workaround: workaround is to do a hw-module stop/start on the SPA-DSP cards .
• CSCum00348
Symptom: Incorrect primary and Secondary Dial-tone
Conditions: Cptone DE is configured under FXS ports
Workaround: Step1: Router# test voice tone DE dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0 Step2: Router# test voice tone DE 2nd_dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0 Step3: shut the voice-port Step4: Unshut the voice port
• CSCum00792
Symptom: Hung FPI session will be seen after agent answer and disconnect .
Conditions: Hung FPI session will be seen after agent answer and disconnect .
294Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: There is no workaround.
• CSCum01936
Symptom: IKEv2 SA does not come UP
Conditions: IKEv2 configured with Virtual-Template
Workaround: configure tunnel mode auto
• CSCum03513
Symptom: 3905 SIP show UTC time instead of configured olson timezone. 3905 SIP phones uses tzdatacsv.csv and not tzupdater.jar as Olson timezone database but on configuring Olson time-zone CME updates the SIP 3905 configuration file with tzupdater.jar instead of tzdatacsv.csv.
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCum03790
Symptom: Immediately after the 200 OK is sent in response to the Re-Invite the ITSP sends a BYE as they expected the origin version id to increment. The lack of incrementation cause the call to be torn down by the ITSP.
Conditions: This problem was observed in the following scenarios : - Switchover from voice to fax - Change in codec for voice calls SDP content-length size is different in initial outgoing Invite to perform call setup than it is in 200 OK response to an inbound Re-Invite which causes the origin (o=) version in the SDP not to increment. CUBE however sees the content-length sizes as the same size. Previous SDP content-length was 250, 399 was the current SDP content-length: SIP/Info/sipSPICheckForSDPModification: prev send SDP size = 399, curr send SDP size = 399 SIP/Info/sipSPICheckForSDPModification: prev send SDP and curr send SDP are same /SIP/Info/sipSPIHandleSDPOwnerVersionIDChange: SDP owner_version ID not incremented ..
Workaround: There is no workaround.
• CSCum04304
Symptom: Path-confirmation check failed on CUBE in DTMF_DO-EO scenarios
Conditions: Configure CUBE for dynamic pass through - DTMF in DO-EO scenario
Workaround: There is no workaround.
• CSCum05299
Symptom: SIP phones not able to dial out when registered to CME 10.0 with IOS version 15.3(3)M1 With output "Ip Trust List Authentication failed for Incoming Request, method = INVITE" when debug ccsip all enabled in the router.
Conditions: Voice router running in IOS version 15.3(3)M1, with IP address trust list enabled (default configuration) under voice service voip
Workaround: *) Disable "ip address trusted authenticate" *) Add SIP phone IP address to IP trust list. *) Downgrade the IOS version
• CSCum06516
Symptom: %CMCC-3-SIP_MDR_FAIL: SIP0: because ESI verification failed
Conditions: During ELC MDR
Workaround: There is no workaround.
• CSCum08864
295Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: When there is a policy change (either KS or GM) in Pre-PAL, the Cisco ASR 1000 router registers again. This is because in TCAM, SA cannot be inserted or moved. An ACL merge was done in the ACE driver, and reregistration was triggered from there. Post-PAL, ACL merge intelligence is moved to a control plane. ACL is changed and change flow priority occurs. The SA is inserted with second priority which cannot be handled by the device.
Conditions: This symptom occurs when an ACL changes on the KS or the GM.
Workaround: There are four workarounds: 1. Manually clear GetVPN registration on the Cisco ASR 1000 router using <CmdBold>clear crypto gdoi<noCmdBold>. 2. If permit ACL is appended to KS ACL or if ACL is removed from the bottom of KS ACL, then there is no flow priority change, and no issue is observed. The limitation with this workaround is that the group configuration on KS has only one SA. If "deny ACL" is added, a few packet drops are observed. 3. EEM script which monitors Rekey Syslog and clears the registration. This is the same as Workaround 1 but is automatically done. The disadvantage of this workaround is that Rekey syslog is same during normal rekey and policy change rekey. Hence reregistration occurs through normal rekey too. Sample EEM script: event manager applet GM_RE_REG event syslog occurs 1 pattern ".*GM_RECV_REKEY.*" action 10 syslog priority warnings msg "EEM trigger workaround for CSCum08864" action 20 cli command "enable" action 30 cli command "clear cry gdoi" pattern "Are you sure you want to proceed" action 40 cli command "yes" 4. The ACL is swapped on KS with the new ACL and Rekey is done. The Cisco ASR 1000 GM will reregister. A small packet drop during reregistration is observed.
• CSCum15066
Symptom: Memory leak observed in CUBE for BWCAC call-flow
Conditions: This issue is observed when initial INVITE is rejected by CUBE due to BWCAC criterion.
Workaround: Not known at this point of time.
• CSCum15364
Symptom: Router is getting crashed with basic call while MP4A-LATM codec is used.
Conditions: This symptom is observed when MP4A-LATM codec is used in the dial-peers.
Workaround: There is no workaround.
• CSCum15704
Symptom: ipsec sas are not coming up for ezvpn split acl
Conditions: ezvpn with split interface ipsec sas do not come up
Workaround: There is no workaround.
• CSCum18017
Symptom: FP Crashed for RTP-SRTP Call
Conditions: When RTP-SRTP call initiated .
Workaround: There is no workaround.
• CSCum18033
Symptom: CUBE crashed when debugs enabled for srtp passthrough call
Conditions: With service log backtrace configured
Workaround: There is no workaround.
• CSCum20746
296Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: Key Server (KS) fails to send rekey & Group Member (GM) fails to process rekey when "clear crypto gdoi ks members" is executed on the KS after changing the IPsec ACL with Suite-B configured on the KS. Secondary KSs don't show any TEKs after changing crypto ACL.
Conditions: Key Server (KS) has Suite-B configured with a certain IPsec ACL. Change the IPsec ACL on the KS so that the new ACL has no overlapping entries as the old ACL and issue "clear crypto gdoi ks members" on the Primary KS.
Workaround: Issue "clear crypto gdoi" on the GMs to force their re-registration.
• CSCum22661
Symptom: When a Peer sends a certificate with no CDP, the IOS PKI client will try to retrieve the CRL through SCEP [GetCRL] directed to CA, based on enrollment url value, however in case of enrollment profile [with a valid enrollment url], it complains that the enrollment url is not present
Conditions: IOS PKI Client configured with an Enrollment profile, which has enrollment url and authentication url to communicate with the CA using SCEP.
Workaround: a) configure the enrollment URL under the trustpoint directly instead of using it through enrollment profile or b) configure the CA to embed a CDP in the client certificates [an HTTP Server or SCEP URL]. Peer will need to be reenrolled afresh. SCEP URL looks like: crypto pki server IOS-CA cdp-url http://10.106.72.139/cgi-bin/pkiclient.exe?operation=GetCRL [Note: Before typing in ? next to pkiclient.exe in the URL above, type Ctrl V]
• CSCum23619
Symptom: No counter to show the ATM VC IFM call out and response
Conditions: ATM VC IFM call
Workaround: There is no workaround.
• CSCum24009
Symptom: Transfer scenarios fail with ANAT and VCC (No DSP) configured
Conditions: Issue is observed for DODO
Workaround: Apply DOEO configurations
• CSCum26501
Symptom: cefcFRURemoved traps are not generating for different SPA Cards.
Conditions: While testing hard OIR on CISCO-ENTITY-FRU-CONTROL-MIB
Workaround: There is no workaround.
• CSCum28569
Symptom: Called name not updated to the ephone
Conditions: Call Flow: CME -> INVITE CME <- 100 Trying CME <- 183 with no called name in RPID CME <- 183 with called name in RPID In such a scenario called name in not updated by CME.
Workaround: There is no workaround.
• CSCum30814
Symptom: When SIP Gateway sends INVITE to CVP, no response is received and call fails. CVP logs report the following error: CVP_9_0_SIP-3-SIP_CALL_ERROR Exception in invitation: com.dynamicsoft.DsLibs.DsSipParser.DsSipParserException: No closing boundary found. for INVITE:
Conditions: This symptom is observed in the call Flow: PRI - > Ingress GW >> SIP >> CVP IOS: 15.1.4M3 CVP: 9.0.1 SIP Profiles applied to outbound dial-peer or globally with SDP header rule manipulation, regardless of whether the rule is applicable to the message or not. "signaling forward
297Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
unconditional" configured under 'voice service voip' or inside the dial-peer SIP Gateway sends malformed SIP INVITE when "Content-Type: application/x-q931" has to be tunneled. The "--uniqueBoundary" is not properly closed causing interoperability issues with CVP. --uniqueBoundary Content-Type: application/x-q931 Content-Disposition: signal;handling=optional Content-Length: 48 ^B^AI^E^D^B^@^P^X^Da^@^C^B ^B.........................................................................................................................................................................................................................................................................................................................
Workaround: Perform the following workaround: 1. Configure a 'dummy' SIP Profile with no rules and apply it to the outbound dial-peer: voice class sip-profiles 3 ! dial-peer voice x voice voice-class sip profiles 3 2. In non-CVP call flows or if Courtesy CallBack (CCB) is not required the following can be configured under voice service voip or dial-peer: - signaling forward conditional - signaling forward none 3. Remove SIP Profiles completely from the call flow (dial-peer and Globally).
• CSCum34515
Symptom: QFP crash
Conditions: SIP ALG traffic with FW and NAT
Workaround: There is no workaround.
• CSCum37116
Symptom: Older version v1.8 is currently bundled with FPD for Jacaranda
Conditions: New version v1.9 is available
Workaround: There is no workaround.
• CSCum37662
Symptom: MAC Accouting Reconstruction of AVL tree takes long time
Conditions: Triggered on scaled MAC accouting during MDR replay
Workaround: There is no workaround.
• CSCum38420
Symptom: Run the refer consume case without TCL for 4 hours (10 cps & 2 mins hold time), then stop calls, wait for 15 mins to call gets cleared. Afer that observed hung calls & did test crash to get the info related to hung calls. Now, new active is handling calls, make new call, cube is rejecting the call with 488
Conditions: Issue observed only when switch over happens.
Workaround: There is no workaround.
• CSCum40306
Symptom: Router crashes during call transfer in SRST mode
Conditions: Call transfer in SRST mode, including SCCP phones
Workaround: There is no workaround.
• CSCum40363
Symptom: while making h323 call ,audio packets which are passing via ASR router not receiving at the endpoints.
Conditions: ASR router is configured with NAT Firewall
Workaround: There is no workaround.
298Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCum43752
Symptom: IOSD crash at ipv6_intf_mtu on flexvpn client
Conditions: Flapping flexvpn client configured with ipv6 on tunnel interface.
Workaround: There is no workaround.
• CSCum44590
Symptom: "ip load-sharing per-packet" is enabled on ASR1K
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCum46324
Symptom: GM re-registers to the KS after not receiving a rekey. The KS does not reset the counters for rekey Acks missed by the GM after the GM re-registers. This results in the GM being deleted after missing three rekeys, even though its registered.
Conditions: This symptom is observed when WAN failure and recovery on the GM interrupting rekey ACKs to reach back the KS.
Workaround: There is no workaround.
• CSCum46511
Symptom: High CPU utilization is seen on 2921 platform running 15.3(3)M1 while sending 2Mbps traffic.
Conditions: This symptom is observed with GETVPN crypto-map configured on the outbound interface send 2 Mbps of UDP based traffic, TBAR (time based anti-replay was turned on).
Workaround: Turn off TBAR (time-based anti-replay).
• CSCum48325
Symptom: ucode crash @dtl_poll_pending_tickle with 'ip nat sett mode cgn'
Conditions: ucode crash @dtl_poll_pending_tickle with 'ip nat sett mode cgn'
Workaround: There is no workaround.
• CSCum49437
Symptom: ucode crash@ipv4_nat_cgn_mode_dp_rel_mem on changing nat mode
Conditions: In a scaled setup on changing nat mode
Workaround: There is no workaround.
• CSCum52078
Symptom: DOEO call fails for ILBC codec(rtp-nte) with ANAT enabled.
Conditions: This symptom is observed when following conditions are met: 1. DOEO call 2. ANAT enable at outgoing leg 3. ilbc codec is configure for outgoing leg.
Workaround: This issue is not observed for DODO. <B>Symptom: DOEO call fails for ilbc codec(rtp-nte) with ANAT enabled
Conditions: When following conditions meet 1. DOEO call 2. ANAT enable at outgoing leg 3. ilbc codec is configure for outgoing leg.
Workaround: works for DODO
• CSCum54136
299Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: After a KS reload, or a network split or a coop configuration change or any condition that forces a GM to re-register to a different KS in a coop the snmpwalk for object cgmGdoiGmEntry will not return any values for that GM in the previously registered KS.
Conditions: In a coop if the GM re-registers to a new KS the snmpwalk -v 2c -c wells old_KS_IP 1.3.6.1.4.1.9.9.759.1.2.2.1 command will not return information for that GM on the KS the GM was previously registered at.
Workaround: There is no workaround.
• CSCum55299
Symptom: Path-confirmation check failed on CUBE in SRTP-RTP call
Conditions: Configure CUBE for SRTP-RTP call
Workaround: There is no workaround.
• CSCum55357
Symptom: CUBE crashes for SIP-H323 Transcoding call.
Conditions: The issue is seen while running regression for Cisco IOS Release 15.3(3)M1.9.
Workaround: There is no workaround.
• CSCum56779
Symptom: For a SIP - TDM call, early dialog caller-id update does not work
Conditions: Setup and call scenario: Sipp-----------GW---------------Callgen For an SIP UPDATE request received during ringback ( Early Dialog ), caller-id update should be sent in a FACILITY message on the TDM leg. The FACILITY message with caller-id update is not seen to be sent on the TDM leg.
Workaround: There is no workaround.
• CSCum57306
Symptom: SCB leak seen when the Refer Call with error condition is run under laod
Conditions: Refer Call flow which fails
Workaround: There is no workaround.
• CSCum60848
Symptom: Under certain conditions, a DSP will hang in certain call scenarios including REFER passthrough.
Conditions: This symptom is observed under heavy load.
Workaround: There is no workaround.
• CSCum61077
Symptom: Packets dropped while IPV4 to IPV6 translation with size above 1252.
Conditions: NAT64 on ASR1K.
Workaround: Decrease the IPV4 mtu size to 1252.
• CSCum61622
Symptom: Traceback may be seen with sip/sunrpc/rtsp/rcmd/msrpc
Conditions: scaled ALG
Workaround: There is no workaround.
• CSCum66182
300Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.
Conditions: While testing Ether-Like MIB for ASR1000-6TGE.
Workaround: There is no workaround..
• CSCum68074
Symptom: many packets are dropped for NatIn2out cause
Conditions: PAT, interface overload
Workaround: PAT pool overload
• CSCum68287
Symptom: GM reloads unexpectedly when enabling V6-crypto map on an interface with VRF-aware GDOI configs on the latest XE3.12 throttle images
Conditions: Seen on all ASR platforms, with latest XE3.12 throttle base images This is 100% reproducible and extremely service impacting. This happens only when you enable "ipv6 crypto map" which has a local GM deny ACL associated with it. Enabling v4-crypto map is fine
Workaround: Do not use the local GM ACL for IPV6 crypto map. This may not be a feasible workaround in the field.
• CSCum69152
Symptom: SIP SRST and adding more than one alias commands, only 'alias 1' command creates a dial-peer. voice register global mode srst system message SRST Active max-dn 20 max-pool 20 ! voice register pool 1 id network 1.1.1.0 mask 255.255.255.0 alias 1 1111 to 4444 alias 2 2222 to 4444 voice-class codec 1 Only the alias 1 dialpeer gets created and calls to that extension will work (as long as you also have the correct translation rule as per docs).
Conditions: CME in SIP-SRST mode.
Workaround: Use translation-rules to achieve this behavior. <B>Symptom: SIP SRST and adding more than one alias commands, only 'alias 1' command creates a dial-peer. voice register global mode srst system message SRST Active max-dn 20 max-pool 20 ! voice register pool 1 id network 1.1.1.0 mask 255.255.255.0 alias 1 1111 to 4444 alias 2 2222 to 4444 voice-class codec 1 Only the alias 1 dialpeer gets created and calls to that extension will work (as long as you also have the correct translation rule as per docs).
Conditions: 2900 series router running SIP SRST running version c2951-universalk9-mz.SPA.152-4.
Workaround: There is no workaround.
• CSCum70161
Symptom: CUBE 180 w/o SDP and 200OK need to send CPA details in MIME
Conditions: when CPA event to process with dialer
Workaround: There is no workaround.
• CSCum70245
Symptom: No FPI session created
Conditions: RTP loopback
Workaround: There is no workaround. None
• CSCum70828
Symptom: SNMP Query on dot3StatsDuplexStatus is shown as unknown on SPA-5X1GE-V2.
Conditions: While testing Ether-like MIB for SPA-5X1GE-V2.
301Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: There is no workaround.
• CSCum71485
Symptom: An increasing number of TEKs are generated every 30 seconds.
Conditions: This symptom occurs under the following conditions: 1. Change the Group Identity on the Secondary KS causing encryption failure. Change the Group Identity on the Primary KS. All the GMs are deleted from the KSs. 2. Restore the Secondary Key Server. Wait for it to come up as Primary for the Group : GETVPN-GROUP-1. 3. Restore the Primary Key Server with Group : GETVPN-GROUP-1. 4. This creats a new TEK policy every 30 seconds from the newly elected Primary Key Server KS2. The sequence number for rekey remains 1. 5. KS1 is restored to be the primary role. 6. After the existing TEKs from KS2 are expired, it behaves normally.
Workaround: There is no workaround. <B>Symptom: Increasing number of TEK generated every 30 secs
Conditions: 1. Change the Group Identity on the Secondary KS causing encryption failure, Change the Group Identity on the Primary KS. All the GMs are deleted from the KSs. 2. Restore the Secondary Key Server. Wait for it to come up as Primary for the Group : GETVPN-GROUP-1 3. Restore the Primary Key Server with Group : GETVPN-GROUP-1 4. This is creating a new TEK policy every 30 sec from the newly elected Primary Key Server KS2. The sequence number for rekey remains 1. 5. KS1 is restored to be the primary role. 6. After the existing TEKS from the KS2 are expired it behaves normally.
Workaround: There is no workaround.
• CSCum73172
Symptom: memory usage keep increase
Conditions: config ATM PVC bundle interface
Workaround: There is no workaround.:
• CSCum73773
Symptom: QFP crash
Conditions: remove ip nat setting mode and run "sh pl hard qfp ac statistics drop"
Workaround: There is no workaround.
• CSCum77922
Symptom: CUBE fails to perform 407 Error Message Passthrough if it receives a 100 Trying before the 407 Proxy Authentication Required and sends a 503 Service Unavailable to the UAC.
Conditions: ITSP sends a 100 Trying before the 407 Proxy Authentication Required
Workaround: Receive the 407 Proxy Authentication Required as first response to an Invite
• CSCum78260
Symptom: ASR1K:GM1 did not have 1 recovery registration to group GDOI_GROUP_1.
Conditions: Issue is newly seen only in ASR routers and not in ISR.
Workaround: There is no workaround.
• CSCum79817
Symptom: "488: Not acceptable media" message seen for DOEO ANAT calls with ILBC codec.
Conditions: This symptom is observed when following conditions are met: 1. DOEO 2. ANAT calls 3. ILBC codec (Did not test for other codecs)
Workaround: This symptom is not observed for DODO.
302Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCum81041
Symptom: One way audio incoming calls redirected through CVP.
Conditions: Call flow: ------------ Caller----G711----TDM GW----SIP-----ASR1K----SIP-----CUSP----SIP----CVP(Vz0)----IP-IVR | | -----SIP---CVP (BAMS) | |--------SIP---CUCM---Agent Phone (G729 only) Initially the caller is connected to IP-IVR, both ingress and egress leg of the CUBE is doing G711. Call is connected to the IP-IVR, then CVP sends a refer to the VXML GW for playing prompts and ringback tone etc. When the call is transferred to the agent, CUBE negotiated G729 at the sip level with the CVP, but because of mid-call signalling block on the ingress side, continue with the G711. Hence xcoder is invoked on the CUBE to handle G729 to G711 and vise versa, but CUBE is still sending G711 media to the agent phone side while the agent phone is sending G729 media to the CUBE.
Workaround: There is no workaround.
• CSCum81717
Symptom: 183 session progress is blocked by the sip gateway
Conditions: 183 session Progress is received with SDP and Require:100 rel header and "block 183 sdp absent" is configured
Workaround: There is no workaround.
• CSCum83957
Symptom: A router may crash due to a bus error when running "show sccp connections sessionid".
Conditions: This has been observed on a 3900e router running 15.3(2)T. SCCP features are configured on router.
Workaround: There is no workaround.
• CSCum84172
Symptom: Incorrect NHRP mapping information for a hub can be propagate throughout the DMVPN network and cause data packet forwarding via a spoke-hub-spoke path even when a spoke-spoke direct path has been built and the sending nodes "thinks" it is sending on the direct path.
Conditions: A DMVPN spoke node is mis-configured with the correct tunnel IP address, but the wrong NBMA address for a hub (hub1). In this case the incorrect NBMA address would be for a different hub (hub2). Hub1 is configured to be both a hub and a spoke. I.e. it can be the end-point for spoke-spoke tunnels.
Workaround: Fix the spoke that has the incorrect mapping and then shutdown the hub (hub1) that "thinks" it is behind NAT. This hub must be left in a down state for long enough to ensure that any copy of the mis-configured mapping times out on all nodes in the DMVPN network. In most cases two times the NHRP hold time should be sufficient.
• CSCum84999
Symptom: SUBSCRIBE received from CVP after BYE and NOTIFY with subscription-state : terminates is send by CUBE.
Conditions: This symptom is observed when SUBSCRIBE IS recieved after call is terminated with BYE.
Workaround: There is no workaround.
• CSCum85381
303Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: CUBE drops Method Notify (OOB Notify DTMF) in SIP to SIP call flows, when 183 Session Progress without SDP is received just after 183 Session Progress with SDP. For Example: CUCM --> SIP --> CUBE ---> ITSP When Cube receives 183 Session (with SDP) from ITSP, it sends out Method Notify back to CUCM. ITSP sends another 183 Session (without SDP), at this point, CUBE strips out NOTIFY towards CUCM. This causes CUCM to disable DTMF on this call.
Conditions: There are no know conditions
Workaround: Add method Notify manually on the first leg using a SIP Profile. voice class sip-profiles 99 response 183 sip-header Call-Info remove response 183 sip-header Call-Info add "Call-Info: <sip:10.1.1.1:5060>;method=\"NOTIFY;Event=telephone-event;Duration=500\""
• CSCum86159
Symptom:CPP crash
Conditions: Conditional debugging and packet tracing is enabled on join interface for OTV.
Workaround: There is no workaround.
• CSCum86411
Symptom: BGP performance will be slower on RP2 on 15.4(02)S release or newer images.
Conditions: Large scale BGP routes
Workaround: Use Image 15.4(01)S or older.
• CSCum88818
Symptom: memory leak in CPP List Hdr Chunk
Conditions: Flapping flexvpn sessions
Workaround: There is no workaround.
• CSCum90650
Symptom: When REFER based transfer failed with 503 in NOTIFY , CUBE tried to bridge the call , but CUBE retransmit REFER again even though got 503 service error :
Conditions: REFER passthrough
Workaround: refer consume
• CSCum93356
Symptom: CUBE doesn't send mp4a-latm fmtp attributes in early dialog UPDATE
Conditions: This issue is observed in DO-EO call with flow-around configured and the SDP negotiation happens in early dialog.
Workaround: If SDP is negotiated in confirmed dialog , then this issue is not seen.
• CSCum94408
Symptom: Intermittently, if a root's CRL to validate Sub does not get downloaded [Internal or External failures], and the CRL by Sub gets downloaded, the following message will be seen: [Debug crypto isakmp and Debug crypto pki m/t/v/c] ISAKMP (35845): adding peer's pubkey to cache ISAKMP:(35845): processing SIG payload. message ID = 0 %CRYPTO-3-IKMP_QUERY_KEY: Querying key pair failed.
Conditions: This symptom occurs in Cisco IOS configured with the IKEv1, Authentication mode RSA-SIG [Certificates]. PKI Infrastructure is as follows: Root -> Sub -> ID - Root and Sub Trustpoint have "revocation-check crl none". - Sub has "chain-validation continue Root".
Workaround: Disable Revocation-check and Chain-validation under Sub Trustpoint.
• CSCum94541
304Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: This is an Enhancement request on PKI Split-VRF Feature. Enrollment profile only allows us to source the enrollment traffic from a specific VRF, however it does not allow us to control the source-ip/interface
Conditions: PKI Split VRF Feature, where one is allowed to configure VRF for enrollment through enrollment profiles, and VRF for CRL checking through Trustpoint.
Workaround: There is no workaround.
• CSCum95078
Symptom: Large IPSEC packets get dropped when fragmentation is done after IPSEC encapsulation.
Conditions: This symptom is not observed under any specific conditions.
Workaround: There is no workaround.
• CSCum96146
Symptom: CUBE HA pair crashes with crashinfo file being generated.
Conditions: 3945E CUBE routers running as a redundant pair on IOS 15.2(1)T2.
Workaround: There is no workaround.
• CSCum96156
Symptom: IOS will fail to match the certificate map intermittently
Conditions: IOS PKI using certificate maps, to authorize the Peer certificates or override CDP. In this case: - if a certificate map is written on a PC, with upper case letters in them: Ex: crypto pki certificate map HR-Users 10 subject-name co ou = HR-Users - and this is a part of the configuration that is merged with the running config through IOS file-system [directly from flash or FTP/TFTP/HTTP etc], IOS retains the upper case letters. [contrary to certificate maps written through CLI, always converts everything to lower case letters]
Workaround: A) - copy the certificate maps [that have upper case letters in them] to a notepad - remove the certificate maps [that have upper case letters in them] - paste the certificate maps, through IOS CLI - wherever these cert maps were being called, they will stay intact, and this change will take effect immediately or B) - The certificate map needs to enter IOS in a manner that IOS would insert it if you were to enter it in a CLI I.e. Make sure the external config generators generate the certificate map in such a way that everything is in lower case, and it has white spaces between DN OID, '=' and the value.
• CSCum97856
Symptom: Traceback appears in the common setup affecting the test
Conditions: Attaching service policy to zone pair security
Workaround: There is no workaround.
• CSCum98149
Symptom: Astro is not being initialized in ROMMON
Conditions: Initialize ASTRO ECSR in ROMMON
Workaround: There is no workaround.
• CSCun00783
Symptom: channel group wil link id > 4 is not configurable.
Conditions: whiel configuring the vlan based load balance
Workaround: Use only link id 1-4
305Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCun02605
Symptom: ASR crashes with no known trigger in CCSIP_SPI_CONTROL process.
Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ. CUBE INVITE | INVITE (Via branch=ABC) ----------------------------->| ----------------------------------------> | 200 OK (Via branch=DEF) | <----------------------------------------- | Cube fails to send ACK to 200 OK for some reason and causes a crash
Workaround: There is no workaround. <B>Symptom: ASR crashes ith no known trigger in CCSIP_SPI_CONTROL process
Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ. CUBE INVITE | INVITE (Via branch=ABC) ----------------------------->| ----------------------------------------> | 200 OK (Via branch=DEF) | <----------------------------------------- | Cube fails to send ACK to 200 OK for some reason and causes a crash
Workaround: There is no workaround.
• CSCun02711
Symptom: observing cpp_cp_svr crash
Conditions: Interface Flap with Model4 QoS under Oversubscribe load
Workaround: There is no workaround.
• CSCun02772
Symptom: Part of the "MCSA Requst Parameters" are not updated when showing gtp pdp details
Conditions: When issuing show gtp pdp related commands with "detail" option
Workaround: There is no workaround.
• CSCun03189
Symptom: The test gtp commands are diasabled
Conditions: Issue test gtp commands.
Workaround: There is no workaround.
• CSCun05026
Symptom: Tracebacks @ ipnat_establish_alias seen with IPsec and NAT64 configs
Conditions: While bringing up IPsec sessions.
Workaround: There is no workaround.
• CSCun05121
Symptom: Memory leak at SRTP Keys in Dolby Feature.
Conditions: Memory leak seen in SRTP Call
Workaround: There is no workaround.
• CSCun07486
Symptom: "token" CLI is getting missed under Crypto pki .
Conditions: UUT is loaded with 15.4(1.20c)CEL5.5 .
Workaround: There is no workaround.
• CSCun08016
306Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: observing cpp_cp_svr crash
Conditions: on unconfiguration of IPHC scaled configuration
Workaround: There is no workaround.
• CSCun08423
Symptom: NIM Card type details are not specific in show command port details
Conditions: card type details are not specific in "show voice port x/x/x" in dynamo3 FXS cards. It is just mentioned as "NIM-FXS" in the show command output.
Workaround: There is no workaround.
• CSCun08855
Symptom: ASR router crash with iosd punting packet to port-channel with ERSPAN configured on the router
Conditions: port-channel and ERSPAN configured on the router
Workaround: There is no workaround.
• CSCun09014
Symptom: multiple crashes witnessed due to memory being freed.
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCun10115
Symptom: entPhysicalContainedIn of NIM Module is showing the spa bay on ASR1001-X Chassis.
Conditions: While testing EntityMIB for ASR1001-X Chassis.
Workaround: There is no workaround.
• CSCun12523
Symptom: packet dropped at interface
Conditions: encap change on tunnel
Workaround: remove the tunnel interface and config it again.
• CSCun13053
Symptom: clean up fail in fhs testing
Conditions: Tracebacks are seen
Workaround: There is no workaround.
• CSCun13772
Symptom: CPUHOG messages and watchdog timeout crashes are observed on an ASR1000 series router running DMVPN.
Conditions: This has been observed on a router with a very large NHRP table (10-20k individual entries) with a very high number (thousands) of child entries per parent entry.
Workaround: Reduce the number of child entries per parent entry through the use of supernetting.
• CSCun13800
Symptom:VG224 responds with a different RTP port each time for multiple StationPortReq messages from CUCM for the same call. Seen in 15.1(4)M7
Conditions: CUCM sending multiple StationPortRequest to VG VG224 registered SCCP to CUCM
307Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: There is no workaround.
• CSCun17831
Symptom: Modem Relay call fails with new NIM FXS card on O2 platform
Symptom: shutdown one tunnel interface ,the chassis crash
Conditions: Step 1 :Setup dmvpnv3 scenario with two spokes Step 2 :On spoke 2,tunnel100 and tunnel200 are a pair of DMVPN tunnels Step 3: unconfigure "maximum-paths ibgp *" to make the two tunnels with one route to hub Step 4: add spoke to spoke traffic and after the traffic is contronlled by cent ,shutdown tunnel100,the crash will be hit
Workaround: make sure the configuration is right
• CSCun20588
Symptom: When REFER is received on CUBE and CUBE send to ITSP where ITSP did not respond to the REFER and CUBE try to Resume the call Memory Leak seen .
Conditions: When REFER is received on CUBE and CUBE send to ITSP where ITSP did not respond to the REFER and CUBE try to Resume the call Memory Leak seen .
Workaround: There is no workaround.
• CSCun20719
Symptom: Reload the router, and check the system clock [it should be an authoritative source of time: show clock ? no * is printed before the clock]. However, 'show crypto pki timer' will not show the renew timer for the trustpoint.
Conditions: IOS is configured as SCEP client, with an auto-enroll timer. Also, instead of 'enrollment url' under the trustpoint, an enrollment profile is configured.
Workaround: Re-enter the 'auto-enrol <>' command under the trustpoint to trigger the renew timer.
• CSCun21918
Symptom: The fields in the result of "show gtp apn stats" are not updated correctly
Conditions: Issuing "show gtp apn stats" command.
Workaround: Try to get similar info from "show gtp path stat"
• CSCun22771
Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.
Conditions: ASR1002-X running IOS XE in a NAT-HA B2B scenario
Workaround: There is no workaround.
• CSCun24310
Symptom: Some of the fields in "show gtp statistics" result are not updated.
Conditions: Issue "show gtp statistics" command.
308Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: There is no workaround.
• CSCun24490
Symptom: Invalid offers getting processed
Conditions: Invalid offers getting processed
Workaround: There is no workaround.
• CSCun24534
Symptom: Configuring "no aqm-register-fnf" doesn't disable the command in the router's running and startup configurations.
Conditions: The problem was observed in the following sequence : (1) Configure "no aqm-register-fnf" (2) Execute "show run", the command "aqm-register-fnf" is removed (3) Execute "show run" again, the command "aqm-register-fnf" re-appears
Workaround: There is no workaround.
• CSCun28796
Symptom: Active ESP reloads when churning ISG sessions
Conditions: Churn both regular and walk-by ISG sessions at scale.
Workaround: There is no workaround.
• CSCun30321
Symptom: Major alarm observed on ASR1001
Conditions: After upgrade to XE3.10.2
Workaround: There is no workaround.
• CSCun31644
Symptom: try to register gm
Conditions: registration succeeds and crashes
Workaround: There is no workaround.
• CSCun33934
Symptom: On standby RP, the remote restart counters on gtp paths are not synced from active RP and remain 0.
Conditions: After a back to back RP switchover
Workaround: There is no workaround.
• CSCun38059
Symptom: No way audio (Silence) issue is noticed on transcoded SIP-SIP calls on CUBE after mid-call codec change.
Conditions: IOS Relase 15.3(3)M1 and above Issue happens only under following condition. 1. Transcoder is allocated on CUBE for DTMF Interworking (Audio Codec Used on both inleg and outleg are same) 2. Due to supplementary services like "Hold" or "Transfer", one of the call leg negotiates different audio codec (Since the transcoder already allocated for DTMF interworking, it takes care of audio transcoding) 3. Later when the call is "Retrived" or "Transfer" is completed, both the call legs on CUBE negotiates same audio codec and transcoder needs to be updated for DTMF Interworking. At this point, CUBE fails to update transcoder causing no-way audio issues
309Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: 1. Try using the same DTMF method on both inleg and outleg, so that there is no transcoder allocation 2. Use same codec throughout the call Considering the following call flow PSTN -> SIP -> CUBE -> SIP -> CUCM -> IP Phone 1. Call was made from PSTN to IP-Phone via CUBE 2. Initial call gets established as G711 (alaw or ulaw) and CUBE allocates local transcoder for DTMF Interworking ( inband-voice to rtp-ntp) Media Path : PSTN [Codec-G711ulaw, DTMF-raw tone(inband-voice)] -> CUBE -> [Local Transcoder] -> [Codec-G711ulaw, DTMF- rtp-nte] -> IP-Phone 3. IP Phone places the call hold and this triggers call to be connected with MoH which is capable of streaming only G729 media Media Path : PSTN [Codec-G711ulaw, DTMF-raw tone(None)] -> CUBE -> [Local Transcoder] -> [Codec-G729, None] -> MoH Server 4. When IP Phone "Resume" or "Transfer" the call, the codec changes from G729 to G711ulaw. Media Path : PSTN [Codec-G711ulaw, DTMF-raw tone(inband-voice)] -> CUBE -> [Local Transcoder] -> [Codec-G711ulaw, DTMF- rtp-nte] -> IP-Phone 5. At this point, CUBE fails to update transcoder with updated media capability causing no-way audio
• CSCun45602
Symptom: Traceback appears in the section test
Conditions: Issuing more harddisk:tracelogs/ with debug packet trace enabled
Workaround: There is no workaround.
• CSCun46707
Symptom: When "crypto gdoi ks rekey" is issued on the KS with multiple groups, the GM does not receive the rekey
Conditions: Rekey
Workaround: There is no workaround.
• CSCun48579
Symptom: CUBE is not sending 200 OK for PRACK SDP when CPA enabled
Conditions: when CPA enabled
Workaround: Add some delay between 18X to 200 Ok
• CSCun50243
Symptom: When CED/ANSam/2100Hz answer tone is detected in the early media phase of the call, the gateway does not switchover and starts sending distorted audio to the originating fax. Fax transmission fails.
Conditions: This symptom is observed when modem passthrough nse codec g711ulaw is used as the fax protocol. Fax -> VG224 --SCCP--> CUCM -SIP--> 3945 GW--ISDN T1 PRI-->PSTN 3945 IOS: 15.1.4M5 VG224:15.1.4M2
Workaround: Perform the following workaround: - Use 'progress_ind' to strip PI=8 if the Early Media is opened via an ISDN ALERTING message: (config-dial-peer)#progress_ind alert strip - Check with Carrier if they can avoid opening early media for Fax/Modem calls.
• CSCun50538
Symptom: fman-fp log report traceback when loading fp card
Conditions: load or reload fp card
Workaround: There is no workaround.
• CSCun51932
Symptom: Incorrect internal and external Dialtone for CPTONE DE.
Conditions: Cptone DE is configured under FXS ports
310Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: Step1: Router# test voice tone DE dialtone 1 425 0 -200 -200 -240 0 0 0 65535 0 0 0 0 0 0 0 Step2: Router# test voice tone DE 2nd_dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0 Step3: shut the voice-port Step4: Unshut the voice port
• CSCun52009
Symptom: Traffic stats check failed after shutdown in Manual LB with multiple backup link configed
Conditions: Traffic loss is seen for PC_EVC_Manual_Loadbalance test
Workaround: There is no workaround.
• CSCun59253
Symptom: DMVPN spoke (ISR) gets stuck in NHRP state after config-unconfig-reconfing with TP.
Conditions: DMVPN with TP
Workaround: Reboot the router.
• CSCun61732
Symptom: Memory leak seen when CME will xfer the call followed by idivert .@ sippmh_parse_hi_token
Conditions: while doing idivert
Workaround: There is no workaround.
• CSCun62178
Symptom: Traceback @fp_ipsecmgr_init
Conditions: With policy-map configured on the egress GRE tunnels, perform RP switchover
Workaround: There is no workaround.
• CSCun62181
Symptom: ASR1002 running asr1000rp1-adventerprisek9.03.04.06.S.151-3.S6.bin crashes at crypto ipsec update peer path mtu
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCun62273
Symptom: MODEM Relay cannot be configured on VG224
Conditions: VG224 used for modem relay calls.
Workaround: There is no workaround.
• CSCun65380
Symptom: CME Crashed while Inbound SIP profile added globally.
Conditions: This symptom is observed when inbound SIP profile is added.
Workaround: Do not configure inbound sip profile.
• CSCun67176
Symptom: "No match found" message on the console.
Conditions: On issuing "show plat hard qfp act feat nat data port <proto>"
Workaround: There is no workaround.
• CSCun68489
311Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: reINVITE failure - hung calls
Conditions: reINVITE failure
Workaround: There is no workaround.
• CSCun73233
Symptom: No way audio (silence) issue is noticed on transcoded SIP-SIP calls on CUBE when supplementary services like Hold/Resume or Call Transfer is invoked. Issue is observed with both SCCP based transcoding and LTI (Local Transcoding Interface) based transcoding. When using SCCP Based Transcoding, "show sccp connection" output looks as below during no-way audio issue (Mode - Inactive, rport - Empty, ripaddr - Empty, conn_id_tx - Empty) CUBE-2#show sccp connections sess_id conn_id stype mode codec sport rport ripaddr conn_id_tx 65545 36 xcode inactive g729 16414 0 :: 65545 40 xcode inactive g711a 16412 0 :: When using LTI based transcoding, "show dspfarm dsp active" shows no entry of the call during no-way audio CUBE-2#show dspfarm dsp active SLOT DSP VERSION STATUS CHNL USE TYPE RSC_ID BRIDGE_ID PKTS_TXED PKTS_RXED Total number of DSPFARM DSP channel(s) 0
Conditions: IOS Release 15.3(3)M Issue happens only under following condition. 1. When "midcall-signaling passthru media-change" is configured on CUBE 2. There is change in codec in one of the call leg after invoking supplementary services like Hold/Resume or Transfer
Workaround: 1. Disable "midcall-signaling passthru media-change" Voice service voip Sip no midcall-signaling passthru media-change 2. Use same codec through-out the call (Avoid change in codec behavior by controlling supported codec list)
• CSCun73301
Symptom: FP Crashed while DTMF info message received for SRTP Passthrough call
Conditions: DTMF INFO received
Workaround: FP Crashed while DTMF info message received for SRTP Passthrough call
• CSCun76377
Symptom: On CUBE if MTP invoked for the call Forking packets showing 0 :
Conditions: On CUBE if MTP invoked for the call Forking packets showing 0 :
Workaround: There is no workaround.
• CSCun78843
Symptom: CUBE crashed while handling Flow around Call .
Conditions: CUBE crashed while handling Flow around Call .
Workaround: no Media flow around on CUBE
• CSCun79934
Symptom: qfp ipsec debug message format changed
Conditions: There are no know conditions
Workaround: There is no workaround. none
• CSCun83348
Symptom: IPsec configured router sees unauthenticated router in INIT stage of ospfv3
Conditions: Configure one router with ospfv3 auth and other router with no authentication
Workaround: There is no workaround.
• CSCun84429
312Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: ASR1k crashes.
Conditions: Deactivation of a container.
Workaround: There is no workaround.
• CSCun85566
Symptom: when a crl is downloaded using "cry pki crl download url <url1> and no command is done on same, memory leak is seen for cd p
Conditions: when a crl is downloaded using "cry pki crl download url <url1> and no command is done on same
Workaround: There is no workaround.
• CSCun85639
Symptom: when ASR1K receive a fragmented jumbo packets(pkt1:2002,pkt2:9000),router will report an refrag error and traceback.
Conditions: jumbo packet and VFR via CLI
Workaround: There is no workaround.
• CSCun85947
Symptom: When there is a dialer interface getting dynamic IP, SIP control and media binding is failing with that interface.
Conditions: IOS should be 15.1.2T or later (to configure binding at dial-peer level)
Workaround: Configure static IP for the dialer interface.
Conditions: Kingpin crashes while issuing "show plat hard slot 0 plim status int"
Workaround: There is no workaround.
• CSCun89036
Symptom: Traceback when IPV6 traffic is transiting through ATM sub-interface
Conditions: Configuration of "atm route-bridged ipv6" configured at ATM sub-interface level
Workaround: There is no workaround.
• CSCun89879
Symptom: Some sip packets drop with B2B CGN BPA setup
Conditions: Some sip packets drop with B2B CGN BPA setup
Workaround: Reload router
• CSCun90108
Symptom: On CUBE there is a port leak seen for each audio video call negotiated to audio call.
Conditions: This symptom is observed when audio Video M line offer answered with only audio m line.
Workaround: Send answer with both audio m line and video, if video not supported send port 0. <B>Symptom: On CUBE there is a port leak seen for each audio video call negotiated to audio call
Conditions: When audio Video M line offer answered with only audio m line .
Workaround: send answer with both audio m line and video , if video not supported send port 0
313Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCun91087
Symptom: O2 router crashes with non-default firmware intermittently
Conditions: O2 router crashes with non-default firmware intermittently
Workaround:
• CSCun91923
Symptom: CUBE reloads intermittently while handling SIP call forking scenario.
Conditions: In SIP Call forking scenario, an INVITE sent from CUBE is routed to multiple SIP endpoints and multiple SIP provisional responses such as 183 Session Progress with different To tags are received.
Workaround: There is no workaround.
• CSCun92171
Symptom: CUBE's media anti-trombone feature does not work correctly when combined with the pass-thru content sdp feature. When the two features are enabled CUBE will return the wrong SDP on one call leg and does not properly switch from media flow-through to media flow-around.
Conditions: This was seen on 15.4(1)T with both media anti-trombone and pass-thru content sdp enabled.
Workaround: There is no workaround.
• CSCun92199
Symptom: ucode crash with sip traffic
Conditions: after doing couple of events like redudancy reload multiple times and with SIP traffic
Workaround: There is no workaround.
• CSCun93593
Symptom: Caller id is not received intermittently on FXO ports. we have dangling dsm_handle associated with this port and it is preventing from sending further dsp messages to start caller id. Mar 24 16:18:22.054: [0/1/1] htsp_start_caller_id_rx:BELLCORE Mar 24 16:18:22.054: htsp_start_caller_id_rx htsp->dsm_handle 2AC5E96C
Conditions: The symptom has been observed on IOS 150-1.M7, with PVDM3.
Workaround: Router reload fixes the issue.
• CSCuo00479
Symptom: Slow memory leak in small/middle I/O buffers. This can be identified by looking at the output of "show buffer" and "show buffer usage" commands You'll see the number of small and middle buffers incrementing to very high values VG224-1#sh buffer | inc peak Small buffers, 104 bytes (total 1116, permanent 50, peak 1242 @ 00:00:17): Middle buffers, 600 bytes (total 1937, permanent 25, peak 2217 @ 00:00:16): The output of 'show buffer usage' will show the SCCP Application as a Resource User of the buffers and increasing until memory is exhausted. Caller pc : 0x6238D4C8 count: 4454 Resource User: SCCP Appli count: 4455 Once memory is exhausted, telnet sessions will fail to establish. Console access may still be available.
Conditions: VG224 registered to CUCM and defined as a SCCP controlled gateway. This is seen when the CUCM rejects the registration attempts of the VG224 FXS ports due to it reaching the " Maximum Number of Registered Devices" value as defined in the CUCM Service Parameters. This can occur when devices fail-over from the primary to secondary CUCM and the proper device sizing has not been followed as per the CUCM SRND. Too many devices attempt to register and CUCM starts to reject their attempts.
314Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: Ensure that in fail-over scenarios, the number of devices that attempt to register to CUCM don't exceed the number set in "Maximum Number of Registered Devices" service parameter.
• CSCuo02270
Symptom: Issues with source VLAN numbers while using with ERSPAN.
Conditions: VLAN greater than 1005 were not displayed in the running config. There is no service impact.
Workaround: There is no workaround.
• CSCuo02726
Symptom: Memory Leaks seen at nhrp_cts_data_from_pak_wrapper
Conditions: The leaks are seen on the spoke of a DMVPN setup. The leaks are observed on booting up 15.4(2.8)T image
Workaround: There is no workaround.
• CSCuo02894
Symptom: Packet-trace statistics sometimes appear to report out-of-sync counts.
Conditions: Using packet-trace in IOS-XE3.11.
Workaround: There is no workaround..
• CSCuo03834
Symptom: entity alias mapping and if table entry missing for USB ports in ASR1002-X built-in RP
Conditions: ASR1002-X running with asr1002x-universalk9.03.08.01.S.153-1.S1.SPA.bin
Workaround: There is no workaround.
• CSCuo04053
Symptom: End to end ping fails for normal ATM and CC ATM
Conditions: Breakage on mcp dev
Workaround: There is no workaround.
• CSCuo05333
Symptom: Bogus counter reported by crypto engine
Conditions: When SHA384 algorithm , bogus counter is seen during show platform hardware crypto-device context output
Workaround: There is no workaround.
• CSCuo05957
Symptom: client bypass-policy is not enabled while configuring "default client bypass-policy" in the GM gdoi group.
Conditions: client bypass-policy is not enabled while configuring "default client bypass-policy" in the GM gdoi group when the client bypass-policy is already disabled.
Workaround: There is no workaround.
• CSCuo07408
Symptom: One-way audio when using SRTP when the master key begins with 00.
Conditions: Using any release that contains the fix for bug: CSCtj15884.
315Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: Put the call on hold and then resume. This will renegotiate the keys and restore two way audio.
• CSCuo12138
Symptom: One way audio when Agent blind-transfers a call from PSTN (h.323 gateway) to a second DN, which then CFNA's to Unity
Conditions: - the issue seems to be a race condition. - the call flow/scenario that seems to cause the race condition is as follows-
Symptom: Outputs of the IPSEC event-monitor does not always include a session-id or local/remote peer ID
Conditions: After the fact troubleshooting of IPSEC sessions by looking at the recorded events
Workaround: There is no workaround.
• CSCuo16179
Symptom: BFD state down while config isis/ospf
Conditions: Bfd neighbors state down on POS interface with isis/ospf configuration.
Workaround: There is no workaround.
• CSCuo16200
Symptom: Multiple PTP stream creation happens on performing IOSD kill switchover, because of that PTP slave clock alwys stuck in ACQUIRING state
Conditions: IOSD kill switchover
Workaround: There is no workaround.
• CSCuo16728
Symptom: Control falls to Priviliged Exec mode
Conditions: When "exit" command is issued from voice register global
Workaround: There is no workaround..
• CSCuo17391
Symptom: GTP path is created even when create pdp fails.
Conditions: By removing the ggsn address from gtp config or any other scenarios which lead to pdp creation failures
Workaround: There is no workaround.
• CSCuo18931
316Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: DSCP values are set for the VoIP signalling and media packets using the "ip qos dscp" command under the dial-peer. The default value, in the absence of explicit configuration, should be "af31" for signalling and "ef" for media. When setting dscp values for signaling/audio/video under the dial-peer the media packets are marked with AF11 instead of AF33 with the following configuration ip qos dscp af11 media ip qos dscp af21 signaling ip qos dscp af33 video rsvp-none
Conditions: This occurs when configuration is applied on dial-peer with the following call flow and IOS CALL FLOW CTS endpoint - SIP - CUCM -SIP - CUBE -SIP- SME -SIP- ISDN Video Gateway CUBE Platform/IOS c2900-universalk9-mz.SPA.153-3.M1.bin
Workaround: Apply the qos configuration on the interface using class map and policy map.
Conditions: There should be ephones configured with tag 165 onwards.
Workaround: Configure all the ephones with tags ranging below 165.
• CSCuo22593
Symptom: GTP Local interface cannot be removed even when there're no active pdps
Conditions: All the time
Workaround: use "no gtp" to unconfigure the whole gtp and then reconfigure
• CSCuo26237
Symptom: Trans on active and standby are not synced
Conditions: With AT&T set up
Workaround: There is no workaround.
• CSCuo27809
Symptom: iWAG-GTP does APN name resolution through DNS before using locally configured APN level ggsn address.
Conditions: When "ip domain lookup is enabled"
Workaround: There is no workaround.
• CSCuo28583
Symptom: Ring off/on period is not changed even we configure ring cadence as followings. - cptone KR - ring cadence pattern01 or - cptone KR - ring cadence define 20 40 or - cptone KR - ring cadence define 20 40 20 40 ======================= Apr 10 14:13:51.521: htsp_timer_stop3 htsp_setup_req Apr 10 14:13:51.521: htsp_process_event: [2/0, FXSLS_ONHOOK, E_HTSP_SETUP_REQ]fxsls_onhook_setuphtsp_progress Apr 10 14:13:51.525: [2/0] c2400_set_sig_state_intercept: ABCD=0, timestamp=0, sys_time=10443319 Apr 10 14:13:51.525: [2/0] c2400_get_ring_cadence: cadence: 2000, 4000, 0, 0, 0, 0 <<<<< Apr 10 14:13:51.525: [2/0] htsp_set_caller_id_tx calling num=2701 display_info= called num=1068 Apr 10 14:13:51.525: [2/0] Caller ID String 80 13 01 08 30 34 31 30 31 34 31 33 02 04 32 37 30 31 08 01 4F AE Apr 10 14:13:51.525: [2/0] voice port htsp_set_caller_id_tx_time: ring cadence not suitable for caller id. on_time_first=1000 off_time_first=2000 on_time_second=0 off_time_second=0 <<<<< Apr 10 14:13:51.529: [2/0] c2400_get_ring_cadence: cadence: 2000, 4000, 0, 0, 0, 0 <<<<< Apr 10 14:13:51.529: [2/0] c2400_set_sig_state: ABCD=0, timestamp=0, sys_time=10443319htsp_call_feature:feature 12
Conditions: VG224-MP 15.1(4)M5 cptone KR
Workaround: There is no workaround.
317Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCuo28914
Symptom: show Modem Relay statistics output doesnot show any parameters
Conditions: show Modem Relay statistics output doesnot show any parameters
Workaround: There is no workaround.
• CSCuo29084
Symptom: Call Flow: PSTN -H.323-GW - 3rd Party IVR System. When using payload type 97 & 96 for RTP-NTE with H.323 , gateway is found to set Marker bit as false, which caused 3rd party IVR not to recognize DTMF inputs provided by Caller.
Conditions: Call Flow: PSTN -H.323-GW - 3rd Party IVR System.
Workaround: There is no workaround.
• CSCuo31667
Symptom: "Badly formed RTP" drop counter increases unexpectedly. This issue is recovered by reloading the SBC.
Conditions: This issue is seen with tele-presence call.
Workaround: Reload the SBC.
• CSCuo33168
Symptom: There is a time difference printed in the CSV files generated by the hunt group stats reports. While the file shows that the collection of statistics took place at 8pm for example, the actual data shown is from 2-3 hours prior of that time, it could even be more some times. For example: 20:00:01 EST Tue Apr 15 2014 EPHONE HUNT GROUP STAT 1 Tue 16:00 - 17:00 HuntGp 2 0 0 0 0 0 0 0 0 0 0 0 0 1 Tue 16:00 - 17:00 Agent 3001 0 0 0 0 0 0 1 7 7 0 0 0 1 Tue 16:00 - 17:00 Agent 3002 0 0 0 0 0 0 1 4 4 0 0 0 This is happening due precise time condition checks while generating csv file.
Conditions: B-ACD is being used for call queuing. 'statistics collect' enabled inside ephone-hunt The following commands are included inside telephony-service: hunt-group report url prefix <URL> hunt-group report url suffix <number> to <number> hunt-group report every <Hours> hours
Workaround: There is no workaround.
• CSCuo34250
Symptom: Inbound and outbound calls through FXO ports are disconnecting always if "supervisory disconnect anytone" command is present in the FXO Voice-port. If we remove the command, calls would work without any issues. However, in 151-3.T1 calls would work fine with "supervisory disconnect anytone" command present in the voice-port. CSCum09273 fixed the issue with inbound calls through FXO port. Outbound calls are still not working.
Conditions: When "supervisory disconnect anytone" command is configured under voice-port
Symptom: crypto-register packet-count CLI does not work on ASR1001-X platform
Conditions: transmitted and received packets always shows the same value
Workaround: There is no workaround. none
• CSCuo36977
Symptom: Traceback at cpp_mma_policy
Conditions: Flapping Flexvpn sessions with AVC service-policy applied via Radius
318Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: There is no workaround.
• CSCuo38818After configuring this command under ephone for static member, it is observed that sporadically it doesn't provide tone while logging in/out while ephone actually logs in/out in ephone-hunt. Also sometimes, ephone provides tone but doesn't log in/out in ephone-hunt. <B>Symptom: The login/logout status for a particular DN is not in sync between Ephone hunt group and Voice hunt group. If ephone hunt group shows the status of the DN as logged in, voice hunt group shows as logged out, or vice versa. Thus, always the status on the phone is updated as "logged out of hunt group"
Conditions: Same DN should be part of ephone hunt group and voice hunt group. And under the ephone hunt group, members logout and/or auto-logout should be configured.
Workaround: Do not configure members logout and auto-logout, when same DN is associated with ephone hunt group and voice hunt group simultaneously. :
• CSCuo40193
Symptom: traceback shows up
Conditions: reload
Workaround: There is no workaround.
• CSCuo40596
Symptom: when ping xtr to pxtr, the pxtr response message is LSB disabled,the packet was seen on punt path
Conditions: There are no know conditions
Workaround: it's random,sometimes will be hit, sometimes is not.
• CSCuo46913
Symptom: A crash is seen causing a system reload. The crash occurs in the Crypto IKMP process: Exception to IOS Thread: Frame pointer 0x3CEFFB58, PC = 0x164CC518 UNIX-EXT-SIGNAL: Segmentation fault(11), Process = Crypto IKMP
Conditions: This issue occurred after the following debug: debug cry condition peer subnet XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX The exact conditions are still being investigated.
Workaround: There is no workaround. known
• CSCuo47484
Symptom: CPA event is enabled for non cpa dsp profile and transcoded calls.
Conditions: For basic Transcoded call, CPA event is send as enabled even for non CPA dsp profile configuration.
Workaround: There is no workaround.
• CSCuo51043
Symptom: The dynamic L2L peer will successfully bring up, both phase-1 and phase-2 although the isakmp profile does not cater to this new peer.
Conditions: IOS L2L end-point catering to dynamic peers, with a dynamic crypto map, under which we have: a) an isakmp profile that does not match the isakmp identity of this new peer b) no crypto ACL [i.e. no 'match address' statement] Note: a crypto ACL can be configured under the dynamic map, that is either an exact or a super-set mirror image of the peer's crypto ACL, although this is not mandatory.
Workaround: There is no workaround..
319Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Note Note: The non-matching isakmp profile blocks the peer if the dynamic map has a 'match address' statement.
• CSCuo51445
Symptom: The following are the issues identified with unicast and multicast rekey, re-transmission even trace 1. The order of rekey received and ack sent on the GM was out of order, with rekey ack event showing up first. 2. Ip address of source and destination showed up as 0.0.0.0 3. Seq number showed up as either 0 or very large number.
Conditions: Standard GETVPN deployment.
Workaround: There is no workaround.
• CSCuo52113
Symptom: Redundant Gatekeeper setup and high CPU is experienced from time to time during the GUP un-registeration operation.
Conditions: on reloading router with attached config
Workaround: There is no workaround.
• CSCuo58017
Symptom: CUBE response both 481 and 200
Conditions: Receive PRACK with wrong Rack header
Workaround: There is no workaround.
• CSCuo59747
Symptom: Unexpected CANCEL message sent from CUBE
Conditions: Enclosed Configs
Workaround: There is no workaround.
• CSCuo61424
Symptom: Invalid cause code '0' sent in 503 response to INVITE received by CUBE
Conditions: Configure the CUBE for PCD buffer logging as per the enclosed configs
Workaround: There is no workaround.
• CSCuo61533
Symptom: ESP crash at cpp ace delete
Conditions: 10K flexvpn sessions up with traffic and then RP switchover down
Workaround: There is no workaround.
• CSCuo68028
Symptom: FP-Crashes@vc_show_alias_aom_cb
Conditions: while configuring encapsulation aal5mux ip in atm sub-interface
Workaround: There is no workaround.
• CSCuo68525
Symptom: Incorrect RTP connections seen for calls from SCCP-Jabber Video Phone
Conditions: Day 1 issue
Workaround: There is no workaround.
• CSCuo70773
Symptom: Confidence levels sent to ASR server from VXML gateway in the MRCPv2 messages are not the expected values. The values may appear to have had their leading zero after decimal place removed/trimmed.
Conditions: MRCPv2 Incoming confidence level in VXML document is less than 0.10
Workaround: Do not use a confidence level value smaller than 0.10 in VXML documents. Do not provide a confidence level that has a leading zero after the decimal point ex) 0.05
• CSCuo75390
Symptom: Ucode crash occurs with UWS-WAN_XE311 profile.
321Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Conditions: while verifying NAT64 with traffic on.
Workaround: There is no workaround.
• CSCuo85606
Symptom: ESP80 may crash when tearing down PPP sessions on LNS at scale.
Conditions: Tearing down PPP sessions on LNS.
Workaround: There is no workaround.
• CSCuo85705
Symptom: In a configuration where both Root and Sub have revocation check enabled, IOS PKI Client falls back to the older behavior of inheriting the Root trustpoint policy [while downloading CRL during cert validation] in the following situations: a) Both Root and Sub-CA CRLs are not yet downloaded b) Root CRL is available and Sub CRL is not yet downloaded
Conditions: Call flow:- PSTN T1PRI---- Cisco GW -- -T1PRI--PSTN Ver:- 151-4.M5 Details Cisco IOS GW receives incoming call through T1 PRI, IOS matches the incoming dial-peer completes digit manipulations. And matches the outbound dial-peer which is destined towards PSTN circuit. The outbound dial-peer is configured with clid network-number "XXXX'. Ideally Calling number should be changed based on clid network-number configuration, but it is not getting honored.
Workaround: Use translation profile instead of clid network-number.
• CSCuo90859
Symptom: Build breakge on xe313_throttle
Conditions: ABS daily build on xe313_throttle
Workaround: There is no workaround.
• CSCuo91733
Symptom: smp packets should not be via LAN interface when FIB updating
Conditions: smp packets should not be via LAN interface when FIB updating
Workaround: There is no workaround.
• CSCuo92907
Symptom: Multiple registration requests are observed on GM
Conditions: Multiple registration requests are observed on GM when the ACL on the KeyServer is modified and rekey is issued
Workaround: There is no workaround.
322Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCuo94228
Symptom: slow configurations
Conditions: High data path utilizations
Workaround: There is no workaround.
• CSCup09950
Symptom: Traceback was seen in overlord platform during call termination
Conditions: voice calls
Workaround: There is no workaround.
• CSCup11175
Symptom: A memory corruption crash on ASR.The crash is related to SIP Gateway.
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup15661
Symptom: tunnel holddown timer value is not stored in running or startup config and is not preserved on reload
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup17566
Symptom: CPP crash caused by sessions renegotiating authentication and applying QOS
Conditions: Having many CPE renegotiating authentication
Workaround: There is no workaround.
• CSCup18062
Symptom: Memory leak in MallocLite
Conditions: ASR running 03.07.05S
Workaround: There is no workaround. at this time
• CSCup18295
Symptom: A router will crash with a segmentation fault in IOSD: UNIX-EXT-SIGNAL: Segmentation fault(11), Process = CCSIP_SPI_CONTROL
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup21070
Symptom: The ESP module in an ASR1000 series router may reload unexpectedly.
Conditions: This has been observed on an ASR1002 running 15.3(3)S2 (03.10.02.S)
Workaround: There is no workaround. at this time
• CSCup27605
Symptom: SIP GW fails to send dtmf digits after NOTIFY msg
Conditions: SIP GW fails to send dtmf digits after NOTIFY msg while testing with failed image
Workaround: There is no workaround.
323Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCup30453
Symptom: Large multicast packets are not reaching the receiver.
Conditions: Using IPv6 VFR with multicast
Workaround: There is no workaround.
• CSCup38955
Symptom: master channel Operational state is not-available on USD
Conditions: basic cent topo
Workaround: There is no workaround.
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S.
• CSCum18091
Symptom: This is an enhancement request IOS IKEv2 VPN server in ikev2 cluster supports ipv4 address in the redirect payload. As per RFC 5685 section “9.2. REDIRECT”: “FQDN of the new VPN gateway” is a valid payload and should have an option to mention redirect-FQDN. If FQDN is not used then “Untrusted certificate warning” will appear even if gateway have valid trusted certificate installed.
Conditions: ** FQDN is used to connect to the VIP address of cluster ** Trusted valid wild card certificate installed on the gateway or subject alt name contain the FQDN equal to physical IP address of the gateway.
Workaround: Add in ipv4 addresses of all the gateways in the cluster in the SAN attribute of the certificate.
• CSCun87816
Symptom: SAs are not synced after rekey failover test
Conditions: After issuing clear crypto sa standby , show crypto ipsec sa standby | include Status should show the status of both the active and standby router's
Workaround: There is no workaround.
• CSCuo49933
Symptom: DMVPN tunnels down followed by traffic loss
Conditions: This condition is observed when setting scale configuration for DMVPN tunnels.
Workaround: There is no workaround.
• CSCuo52011
Symptom: dynamic tunnels are not formed after clearing crypto session
Conditions: The issue observed during clearing of crypto session with Traffic running.
Workaround: There is no workaround.
• CSCuo52097
Symptom: On the ASR1k router, with DMVPN setup ( hub ---- spoke), ipv4 traffic go through one DMVPN tunnel. ESP100 on hub router crashed every 2 hours.
324Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Conditions: This symptom was observed with DMVPN setup ( hub ---- spoke), ipv4 traffic go through one DMVPN tunnel. ESP100 on hub router crashed every 2 hours.
Workaround: There is no workaround.
• CSCuo58575
Symptom: Traceback NAT-3-HA_BULK_SYNC_FAIL seen doing redundancy switchover
Conditions: Traceback was observed while performing redundancy switchover and while changing NAT modes.
Workaround: There is no workaround.
• CSCuo61448
Symptom: SIP-SIP DO-DO Transcoded Coded Video Call failing
Conditions: This symptom is observed in image versions are 15.4(2.11)T and 15.4(2.13)T
Workaround: There is no workaround.
• CSCuo78046
Symptom: After chassis reload the standby RP was stuck in booting.
Conditions: RP in slot R1 is active and we reload the chassis
Workaround: Reload the router again.
• CSCuo86893
Symptom: Some SIP flows get classified as unknown in NBAR for Linux.
Conditions: This is relevant for NBAR linux 3.13 and 3.14.
Workaround: There is no workaround.
• CSCuo99846
Symptom: default interface error with virtual-reassembly max-fragments configuration like ip virtual-reassembly max-fragments 64 timeout 60
Conditions: This symptom is observed when no ip virtual-reassembly max-fragments 64 timeout 60 or default interface with ip virtual-reassembly max-fragments 64 timeout 60
Workaround: issue no ip virtual-reassembly instead of no ip virtual-reassembly max-fragments 64 timeout 60
• CSCup01589
Symptom: Traceback cpp_cent_handle_rc_tc_modify might thrownout when reset border router with scale of traffic-classes like 120K.
Conditions: This symptom is observed when you reset border router quickly with scale of traffic-classes like 120K.
Workaround: Shut and then no shut BR with longer time interval like 5~10s.
• CSCup01919
Symptom: cisco-phone maybe missclassifed by 1 packet to sip cisco-jabber-audio maybe missclassifed by 1 packet to unknown.
Conditions: This symptom may occur when there is cisco-jabber-audio or cisco-phone traffic in RP2-ESP160 platform.
• CSCup05051
325Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: Output of: show flow exporter option application table contains extra characters (spaces or ') in the output
Conditions: This symptom is observed when FNF record contains application name recognition field, parsing of the command output in an automated scripts might fail
Workaround: There is no workaround.
• CSCup05490
Symptom: Crash with "debug voip fpi error" under load
Conditions: Enable "debug voip fpi error" and start the load at 10 cps - 100 sec call hold time. Cube, immediately starts crashing.
Workaround: There is no workaround.
• CSCup05537
Symptom: 012859: May 28 18:15:44.567 IST: %CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_cp: cpp_cp encountered an error -
Conditions: Traceback observed with the following call flow:
Topology: CUCM ---> SIP ---> CUBE ---> CVP | --------> Media Sense Call flow: 1. CUCM Call CVP via cube. 2. VXML on CVP answers the call & negotiates g711ulaw (rtp-nte) - g711ulaw (inband) Now cube starts the leg with Media sense & forks both leg audio 3. Then CVP transfers the call using REFER back to CUBE 4. CUBE consumes the refer & sends the triggered INVITE to refer-to leg. Refer-To negotiates the g711-g729r8. Now cube starts the leg with Media sense & forks both leg audio
Workaround: There is no workaround.
• CSCup06322
Symptom: Not all mka sessions brought up
Conditions: This symptom is observed after you reload the router
Workaround: There is no workaround.
• CSCup14212
Symptom: IPv6 GETVPN data plane traffic dropped
Conditions: In GETVPN VRF-lite configuration, after un-confgured and then re-configure VRF definition.
Workaround: There is no workaround.
• CSCup21021
Symptom: error overridden is not done .
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup23606
Symptom: Testcases failed since incorrect number of call_legs are obtained .
326Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup25298
Symptom: Crashes while changing PAP BPA settings.
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup31575
Symptom: HTTPS POST request fails
Conditions: Back to back HTTPS POST request
Workaround: There is no workaround.
• CSCup33329
Symptom: Crashes while changing PAP BPA settings.
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup34474
Symptom: %GDOI-5-GM_FAILED_TO_INSTALL_POLICIES: messages are seen on GM while removing the crypto map from the interface(no crypto map) and configuring a new crypto map to the interface.
Conditions: %GDOI-5-GM_FAILED_TO_INSTALL_POLICIES: messages are seen on GM while removing the crypto map from the interface(no crypto map) and configuring a new crypto map to the interface.
Workaround: There is no workaround.
• CSCup39458
Symptom: observing degradation for LISP feature with XE3.13 and latest mcp_dev image
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup41744
Symptom: The following message, that should appear if the key cannot be found in the IKEv2 keyring is not shown if a debug crypto condition is enabled. IKEv2:% Getting pre-shared key from profile keyring IKEv2_KEYRING IKEv2:% key not found. IKEv2:Failed to initiate sa
Conditions: Key cannot be found in the keyring debug crypto ikev2 enabled debug crypto condition enabled.
Workaround: There is no workaround.
• CSCup49925
Symptom: The GM is not able to process the rekey from the KS when "crypto gdoi ks rekey" is issued on the KS. the syslog IPSEC-3-RECVD_PKT_NOT_IPSEC is generated on the GM.
Conditions: When no client bypass policy is configured and a local ACL is not configured on the GM, the GM is not expected to received the rekey from the KS.
Workaround: After GETVPN config change, if there is issue with rekey, issue "clear crypto gdoi". It will let group member re-register.
327Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
• CSCup55373
Symptom: CSL Licenses are not presented with their correct status.
Conditions: This occurs following the enabling and disabling of Smart Licensing.
Workaround: If you reload the system in CSL mode, the problem is resolved.
• CSCup57389
Symptom: traffic through the PPP sessions drops
Conditions: While testing VRF Lite coexistance with ServiceProvider NAT for LNS
Workaround: There is no workaround.
• CSCup60370
Symptom: Crash with FTP traffic while B2B NAT redundancy switchover.
Conditions: There are no know conditions
Workaround: There is no workaround.
• CSCup64883
Symptom: Crash observed on clearing fw sessions in B2B HA
Conditions: Stateful traffic flowing through the router
Workaround: Shutdown inside and outside interfaces
• CSCup65311
Symptom: Unable to delete route-map NAT dynamic mapping in B2B HA even with no translations on the box
Conditions: There are no know conditions
Workaround: Use the 'no ip nat ___ force'
• CSCup66865
Symptom: under full scale 2000 branches,with 32k channel each border router, and 160,000 traffic class; on hub MC BR some channel status fail to sync, on hub MC it is ?Operational state: Not-Available(Channel in Initial state)?, but on hub BR the channel is Channel RX state: reachable Channel TX state: reachable
Conditions: There are no know conditions
Workaround: shutdown/no shutdown hub BR to trigger the channel status update to MC
• CSCup67018
Symptom: RTP Packet to DSP payload not seen
Conditions: RTP Packet to DSP payload not seen in dagger proto when making SIP call
Workaround: There is no workaround.
• CSCup70155
Symptom: On an IOS FlexVPN hardware client that's also configured as a DHCP server, when it receives 2 DNS server entries through IKEv2 configuration attributes, it can only import the first DNS server entry passed down from the FlexVPN server into DHCP.
Conditions: This problem is seen when a FlexVPN client is configured to import all DHCP options.
Workaround: There is no workaround.
• CSCup73495
328Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: Traffic encrypt/decrypt fails with UWS-GETVPN profile
Conditions: while sending traffic and verifying Dataplane counters of a group.
Workaround: There is no workaround.
• CSCup73645
Symptom: All the 4000 tunnels didnt come up on Initiator after rekey
Conditions: All the 4000 tunnels should nt come up on Initiator after rekey
Workaround: There is no workaround.
• CSCup73986
Symptom: Installation of Reg/Rekey policies from KS for group & gm identity has failed
Conditions: policy should not installed from KS for group & gm identity
Workaround: There is no workaround.
• CSCup76401
Symptom: When the “no crypto ikev2 proposal default” command is present in the startup-config, it is no present in the running-config after reload. On the console, the following error is generated at boot time: % Cannot remove as proposal is in use.
Conditions: “no crypto ikev2 proposal default” must be configured
Workaround: Re-enter the command after each boot.
• CSCup78705
Symptom: With crypto enabled on tunnel interfaces which is used by KWAAS to reach WCM, the registration which is https requests fail. but with Crypto disabled the registration is successful.
Conditions: IWAN performance and as part of advanced profile we have following features enable WAAS, PFRv3, AVC, Crypto, DMVPN, QOS, NBAR. Installed CCO image of KWAAS with XE3.13 throttle image. KWAAS image - ISR-WAAS-5.3.5a.5.ova XE3.13 image -isr4400-universalk9.BLD_V154_3_S_XE313_THROTTLE_LATEST_20140626_070148-ext.SSA.bin
Workaround: Remove crypto and then enable cms and things work fine and you will be able to import SSL AO without any issues. Once the AO is installed/imported crypto can be reinstalled once again.
• CSCup78877
Symptom: When the Group member (ASR) registers to the key server, after the installation policies syslogs, trace messages are seen.
Conditions: The group member and key server have GETVPN configurations.The group member registers to the key server
Workaround: There is no workaround.
• CSCup80547
Symptom: When a GETVPN GM receives an ESP packet with an invalid SPI, it generates an erroneous syslog with the following format: "CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /x.y.z.w, src_addr= a.b.c.d, prot= 50"
Conditions: When a GETVPN GM receive an ESP packet with invalid SPI
Workaround: There is no workaround.
• CSCup82655
329Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Symptom: 1) No output is seen in the output “show performance monitor history interval all” after applying input ACL deny TCP rule on interface GigabitEthernet0/0/1 in UUT and sending the traffic from Pagent to UUT. 2) In TC_8 Current Cache entries not incremented to the value 10 in the output of Command “show performance monitor cache” after applying input ACL deny TCP rule on interface GigabitEthernet0/0/1 and sending traffic from Pagent to UUT. These behavior is observed on ASR1k Platform.
Conditions: 1) Configure static route and performance-monitoring in UUT. 2) Configure traffic stream on pagent with route-change drop option. 3) Configure ACL TCP deny rule on UUT. 4) Start sending traffic from pagent to UUT side. 5) check out the output of CLI “show performance monitor history interval all” and Counter packets value in each interval. The counter packets aggregated value must be 500. Unconfigure static route and performance-monitoring on UUT. Repeat the above steps for MMA traffic drop with flow aggregated and input ACL deny and check the output of “show performance monitor cache”. The current cache entries should reach the expected value 10 after 8 polls.
Workaround: There is no workaround.
• CSCup84620
Symptom: "show isakmp stats" should show counters for "ISAKMP cannot process that SA." "IKE message from x.x.x.x has no SA and is not an initialization offer?
Conditions: There are no know conditions.
Workaround: There is no workaround.
• CSCup86008
Symptom: Parsing error in custom notify payload
Conditions: peer should send custom notify with empty SPI and data
Workaround: There is no workaround.
• CSCup87747
Symptom: The 'Period Used' timer value is not consistent after several SSO switchover.
Conditions: An HA/SSO environment, along with enabled Suite licenses are needed.
Workaround: Do not perform any SSO switchover.
• CSCup90021
Symptom: - IOS sending multiple periodic DPDs at once for the same IKE session - peer responding to DPDs one by one resulting in IOS throwing below message due to received response not related to most recent DPD Jul 15 13:52:35.432: ISAKMP:(1001):R-U-THERE-ACK sequence number 0x7AA2567 does not correspond to expected value 0x7AA2568
Conditions: - on-demand DPDs configured (no matter if on-demand or periodic) - multiple IPsec SAs - loss of decrypts on those multiple SAs at the same time
Workaround: - disable DPDs
• CSCup91659
Symptom: Configure IPv6 address on the BDI interface.
Conditions: Support IPv6 Forwarding and existing IP protocols.
Workaround: There is no workaround.
• CSCuq02180
Symptom: Crash is seen after the call starts
Conditions: the stcapp summary is seen for the voice port.
330Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
Workaround: There is no workaround.
• CSCuq05961
Symptom: the total rate (offered rate - drop rate) in "show policy-map interface" does not match with the total out rate in "show interface". It seems like the drop rate in the grandparent class and parent class is different of show policy-map interface randomly.(child class is fine) But it does match with the result of IXIA real-time traffic rate with show interface.
Conditions: Environment Generate rate: 6.5Mbps from Gi0/0/1.70(connect to IXIA port 7) to Gi0/0/0.1990 ( connect to IXIA port 8). Packet size: 1340Byte Drop rate: 1.5Mbps in the class-map class-default.
Workaround: Release 15.4(2)S works fine.
331Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
332Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.13S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S. Caveats describe unexpected behavior.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.4S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.4S, page 333
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.4S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.3S
This section contains the following topics:
Identifier Description
CSCut34273 ASR1K, "unknown" process leak under cpp_cp_svr
CSCur31425 ASRNAT: PPTP ALG: Incorrect UNNAT of Peer-Call-ID in Outgoing-Call-Reply
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S, page 335
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S, page 337
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.2S
All resolved bugs for this release are available in the Cisco Bug Search Tool through the Resolved bug search. This search uses the following search criteria and filters:
Field Name Information
Product Series/Mode Cisco ASR 1000 Series Aggregation Services Routers
Releases 15.4(2)S2
Status Fixed
Identifier Description
CSCuh07579 IPSec fails to delete or create SAs due to IPSec background process stuck
CSCuj79520 PAP global address usage is growing consistently over time
CSCul48593 Active FP crashed due to stuck threads @ipv4_nat_bpa_free_port
CSCum14512 CRL download for SUBCA resulting in signature verification failure
CSCum84172 DMVPN: Need to protect nodes from being triggered as behind NAT
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCuo85606
Symptom: ESP80 may crash when tearing down PPP sessions on LNS at scale.
Conditions: Tearing down PPP sessions on LNS.
Workaround: There is no workaround.
• CSCuo56943
Symptom: ASR 1000 ESP card crash, fman_fp_image core file and cpp-mcplo-ucode core file were generated.
Conditions: crash was seen when mpls flow monitor FLOW output command was issued on a interface with some traffic.
Workaround: Configure manually the following monitor/record for MPLS traffic (the native netflow ipv4 original-output doesn't include any MPLS field):
flow record mpls-record match ipv4 tos match ipv4 protocol match mpls label 1 details match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface output match flow sampler collect routing source as collect routing destination as collect routing next-hop address ipv4 collect ipv4 source mask collect ipv4 destination mask collect transport tcp flags collect interface input collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last flow monitor mpls-monitor record mpls-record
• CSCum54014
Symptom: ESP reloads after reporting one or both of the following interrupts:
A ucode core file may or may not be created when this event occurs.
Conditions: Only applies to ESP100, ESP200 and ASR1002-X.
Workaround: There is no workaround. The issue is fixed in the following releases: 15.2(4)S6 / XE3.7.6S, 15.3(3)S4 / XE3.10.4S, 15.4(1)S3 / XE3.11.3S, 15.4(2)S / XE3.12.0S, 15.4(3)S / XE3.13.0S.
338Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCun39803
Symptom: Intermittent connectivity loss between hosts at different OTV sites. Pinging from one host to the other more than 8 times restores connectivity for about 8-10 minutes. The Packet captures show ARP request broadcasts from a host at one site not being received by the host at the other site for about 7-8s, and then suddenly starting to work. This problem has a tendency to get worse over time, with more and more hosts being affected over the course of a week or two until connectivity between sites is essentially gone.
Conditions: ASR1K running 15.4 or 15.3 code, possibly earlier code, with OTV configured.
Workaround: There is no workaround on the ASR 1000 platform so far. Statically configuring ARP entries on the hosts will work.
• CSCuo75390
Symptom: Ucode crash occurs with UWS-WAN_XE311 profile.
Conditions: While verifying NAT64 with traffic on.
Workaround: There is no workaround.
• CSCun60555
Symptom: An ESP crash may occur after removing an MFR interface soon after it was created.
Conditions: This behavior may be seen on IOS-XE platforms running software versions that support MFR. It may be dependent on the timing of the configuration and removal of the interface. The crash only affects the ESP card.
Workaround: It may be possible to avoid the crash by waiting a few seconds after creating an MFR interface before removing it.
• CSCum13378
Symptom: A Cisco ASR 1000 Series router configured as an IPSec endpoint may fail to reassemble fragmented ESP packets. During this failure state, the router will also log %ATTN-3-SYNC_TIMEOUT errors.
Conditions: This symptom occurs due to UDP packet of a specific size received on the clear side of the device.
Workaround: Use software crypto for large packets received on the clear side by configuring post-frag encryption - crypto ipsec fragmentation after-encryption. This will prevent the device from getting into the ATTN_SYNC state.
• CSCun28965
Symptom: The show ip nat translation filter range [inside | outside] [local|glocal] start-ip end-ip command does not filter the output as per the range specified.
Conditions: This symptom occurs on Cisco ASR 1000 Series router.
Workaround: There is no workaround.
• CSCuo41590
Symptom: There are compatibility issues between certain IOS-XE versions and SM-ES3X. With some combinations of SM-ES3X firmware and some releases of IOS-XE, the SM-ES3X will not boot. With the unsupported combinations, the SM-ES3X will not boot.
An error SPA-3-MSG_PARSE_FAILURE:iomd: Failed to parse incoming message from SM-ES3X-24-P slot 2 subslot 0 board 0. The module software may require an update and will be displayed on the IOS-XE console and the SM-ES3X will go into out of service state as shown in the show platform command.
339Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
router# show platform Chassis type: ISR4451-X/K9 Slot Type State Insert time (ago) --------- ------------------- --------------------- ----------------- 0 ISR4451-X/K9 ok 00:16:02 0/0 ISR4451-X-4x1GE ok 00:13:52 1 ISR4451-X/K9 ok 00:16:02 1/0 SM-X-1T3/E3 ok 00:12:29 2 ISR4451-X/K9 ok 00:16:02 2/0 SM-ES3X-24-P out of service 00:07:54 R0 ISR4451-X/K9 ok, active 00:16:02 F0 ISR4451-X/K9 ok, active 00:16:02 P0 Unknown ps, fail never P1 XXX-XXXX-XX ok 00:15:32 P2 ACS-4450-FANASSY ok 00:15:32
Conditions: Versions of SM-ES3X modules is incompatible with some earlier versions of IOS-XE. SM-ES3x version EJ1 is only compatible with the following major release versions of IOS-XE, or later: 15.3(3)S4 (XE 3.10.4), 15.4(1)S3 (XE 3.11.3), and 15.4(2)S (XE3.12.1).
Workaround: Ensure that a compatible combination of SM-ES3X and IOS-XE images are used. Upgrade/downgrade one or the other to get to a compatible pair.
• CSCuo09341
Symptom: ESP100 crashes while running IPoE subscriber traffic class features.
Conditions: IPoE subscriber traffic class features are configured on Cisco ASR 1000 Series Router platform with ESP100 board.
Workaround: There is no workaround.
• CSCuo11035
Symptom: One-way audio on some outgoing calls to PSTN across CUBE-SP. This is seen for call flow scenarios involving forking and with multiple call legs for the same call going through the SBC.
Conditions: Cisco ASR 1000 Series Router configured as CUBE SP SBC running IOS XE 3.10.1.
Workaround: There is no workaround.
• CSCun97966
Symptom: When packets are sent to crypto, a txnpMaxMtuExceeded message is seen.
Conditions: This symptom occurs only on Cisco ASR 1002x, ASR1000-ESP100, and ASR1000-ESP200 routers.
Workaround: There is no workaround.
• CSCul01335
Symptom: FP may crash.
Conditions: On changing pap limit from 30 to 60 with traffic on.
Workaround: There is no workaround.
• CSCun08855
Symptom: ASR router crashes with IOSd punting packet to port-channel with ERSPAN configured on the router.
Conditions: Port-channel and ERSPAN configured on the router.
Workaround: There is no workaround.
• CSCuo55508
Symptom: A cpp-ucode crash is encountered.
Conditions: Using packet-trace to trace packets in a feature environment where packets are replicated using egress conditions: debug platform packet-trace enable, debug platform packet-trace packet 16 fia-trace, debug platform condition egress, debug platform condition start.
340Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
Workaround: Do not use fia-trace.
• CSCuo52384
Symptom: ROMMON get_mac_addr and IOSXE IDPROM access fail on booting standby RP2.
Conditions: External USB thumb drive used on RP2.
Workaround: Remove external USB thumb drive on RP2.
• CSCuo55610
Symptom: Incomplete kernel core file with filename ending in TEMP_IN_PROGRESS.
Conditions: Active RP kernel core dump in dual RP2 systems.
Workaround: There is no workaround.
• CSCun04952
Symptom: Traffic which needs to be sent between AppNav-controllers will get lost. Received inter-appnav-controller packets are assigned to the shutdown tunnel interface. As a result, no flows will be synchronized between this appnav-controller and appnav-controllers in the same appnav-controller-group. Asymmetrically routed packet also fails due to lack of flow, and unable to query flow from other appnav-controller.
Conditions: Having a shutdown tunnel interface configured with tunnel source equals to the local appnav-controller IP and tunnel destination equals to the IP of another appnav-controller in the appnav-controller-group (i.e. another ASR router). To detect this problem, the following counter goes up for every dropped packet: show platform hardware qfp active statistics drop | i Disabled. Alternatively you can use a packet-trace feature on 3.10.2 and above to check the dropped reply getting sent to the shutdown tunnel interface.
Workaround: Remove the shutdown tunnel from configuration or un-shutdown it.
• CSCun99766
Symptom: A router crashes while making changes to an AppNav policy map or a class map.
Conditions: This symptom occurs under the following conditions:
– Multiple AppNav controllers are used.
– Sessions are created and can be seen using show service-insertion statistics sessions command.
– AppNav policy map and class map is modified when live traffic is redirected by AppNav.
– Policy map or class map change results in a mismatch between AppNav controllers.
Workaround: When using AppNav Controller Group with multiple ACs, avoid changing the policy map or class map when there are active sessions present (use show service-insertion statistics sessions command).
• CSCuo29770
Symptom: ESP fails to initialize and reboots. The following message will be seen on the IOS console:
*Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - startup init (0x1) *Jan 01 16:22:35.562: %CPPHA-3-INITFAIL: F0: cpp_ha: CPP 0 initialization failed - start CPP (0x1) The cpp_driver tracelog contains an entry which lists an A41C error code, indicating that the driver was unable to turn on termination.
341Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
Here is an example: 01/01 16:22:35.120 [cpp-drv]: (ERR): COMP0053/dui/A41C: QFP0.0 - unable to turn on termination for DUI0. This is an intermittent failure, so the ESP will likely initialize successfully on the 2nd or 3rd attempt. This is an initialization issue, and once initialization completes successfully there are no further problems related to this condition.
Conditions: Only ASR1002-x, ESP100 and ESP200 are affected. Router configuration or traffic pattern do not affect this problem. The software is fixed in XE3.7.6S, XE3.10.4S, XE3.11.2S, XE3.12.0S and later releases.
Workaround: There is no workaround.
• CSCun83128
Symptom: PPTP sessions do not come up.
Conditions: Static translation for port 1723 for the inside server, and PAT for the data sessions.
Workaround: Use 1 to 1 mapping.
• CSCuo17719
Symptom: An ESP crash is seen with IPv6 ping to or from an interface configured with IPSec and FNF.
Conditions: The crash is seen when the size of the IPv6 ping is greater than the interface IPv6 MTU.
Workaround: There is no known workaround. However, this is not a common scenario for IPv6 as fragmentation is always handled by the sending host/application.
Conditions: Kingpin crashes while issuing the show plat hard slot 0 plim status int command.
Workaround: There is no workaround.
• CSCun85761
Symptom: L2 frame checks failure when payload length increases with LDAP algorithm
Conditions: Steps: Translate SIP address into longer address length.
Workaround: There is no workaround.
• CSCue27980
Symptom: A CPP crash triggered by NBAR may occur on Cisco ASR 1000 Series routers, Cisco 4000 Series ISR routers, and Cisco CSR 1000V routers.
Conditions: This symptom may occur under rare conditions of traffic mixture and rate when NBAR and NAT are both enabled.
Workaround: There is no workaround.
• CSCun10918
Symptom: Issue PPP subscribers cannot be terminated in ASR1K, due to object being locked.
Conditions: EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts EVSI wrong dpidb type errors 0 EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well.
Workaround: Remove QOS of the PPP
• CSCun97760
Symptom: ASR that runs 15.2(4)S4 encounters ESP crash due to corrupted H323 packet.
Conditions: ASR that runs 15.2(4)S4 encounters ESP crash due to corrupted H323 packet.
342Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
Workaround: If customer do not need h.323 algorithm, a workaround is to disable h.323 algorithm using the no ip nat service h225 command.
• CSCun89879
Symptom: Some SIP packets drop with B2B, CGN, and BPA setup.
Conditions: Some SIP packets drop with B2B, CGN, and BPA setup.
Workaround: Reload router.
• CSCum18039
Symptom: Traffic not flowing on a queue following QoS reconfiguration or new interface creation. Also possible inability to change QoS configuration on any interface or create new interfaces/sessions following occurrence of this condition.
Conditions: Queue was previously being over subscribed when it was deleted leaving it in a flowed off congested state such that it would never drain. This issue affects ASR1K using ESP100 or ESP200, ASR1002X, and ASR1001X platforms only (i.e. ASR1K using ESP5/10/20/40 are unaffected by this issue/change).
Workaround: There is no workaround.
• CSCun78318
Symptom: ACLs applied to the mgmte do not work on the new active RP after a RP switch over.
Conditions: After a RP switch over as the old standby RP becomes the new active RP.
Workaround: Remove then reapply the ACLs to the mgmte on the new active RP.
• CSCuo20090
Symptom: The saved ACLs applied to the mgmte from startup-config may not work after the system reload.
Conditions: After system reload.
Workaround: Remove and then reapply the ACLs to the mgmte after system reload.
• CSCun48994
Symptom: The CP process crashes while collapsing a hierarchy layer node that had once exceeded 4000 entries. The collapse occurs when the number of entries fall below 4000.
Conditions: This problem occurs while collapsing a node that had once exceeded 400 entries. The problem is specific to MLPPP, MFR and GEC aggregate because these features require notification when a schedule ID changes. The schedule ID changes when a scheduling node is reconstructed. The issue is hit when the operation involves both the flushing and SID notification.
Workaround: There is no workaround.
• CSCun49087
Symptom: A Cisco ASR 1002x router crashes.
Conditions: This symptom occurs during duty cycle testing with a lot of negative events in the DMVPN setup.
Workaround: There is no workaround.
• CSCum04528
Symptom: A Cisco ASR 1002-X router might crash and reload writing a core file in the process.
Conditions: This symptom occurs with a Cisco ASR1002-X router running NAT with ALG traffic.
Workaround: There is no workaround.
343Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCun37698
Symptom: An ESP might crash.
Conditions: The device has NAT and WCCP configured. It looks like WCCP fails to setup the output interface correctly. This leads to NAT accessing a bad location in memory which causes a crash. The exact conditions are still being analyzed.
Workaround: There is no workaround.
• CSCun36785
Symptom: A Cisco ASR1002X production router acting as a WAN-Aggregator reloads unexpectedly after pushing the AVC configuration from Cisco Prime infrastructure through an SSH session. The configuration push was successful onto the box, and the flow statistics were exported to the PI. However, after 30 minutes, the router reloaded with a "CPP mcplo_ucode" crash and a "fman_fp" crash. The box is configured with IKEv2 DMVPN and basic NAT, along with BGP and EIGRP. Four static NHRP tunnels from different branch locations terminated onto this box. All traffic from the branches were encrypted, decrypted on this router and NAT was applied to the decrypted traffic before sending it out of the port-channel interface towards the production network.
Conditions: This symptom is observed on a Cisco ASR 1002X router running CCO IOS-XE version 3.10.1. The crash has occurred only once. Currently AVC configurations have been backed out and the router is stable. This affects the AVC deployment on the network seriously.
Workaround: There is no workaround.
• CSCun26943
Symptom: In an INTRA-box redundancy configuration, the STANDBY FP and ACTIVE FP may not be syncing data plane. HA records robustly. The easiest way for the customer to recognize if this is happening is by examining the output of the show platform hardware qfp active system intra and the show platform hardware qfp standby system intra commands. If the output shows the counters "rx dropped" and/or "retx" continuously incrementing, then this problem may have been encountered.
Conditions: DUAL FP systems with stateful HA features such as NAT configured.
Workaround: There is no workaround.
• CSCun87685
Symptom: ASR1006/15.4(1)S crashed while adding port and host specific deny statements on specific lines for the WCCP-Redirect ACL.
Conditions: Adding port and host specific deny statements on specific lines for the WCCP-Redirect ACL.
Workaround: There is no workaround.
• CSCun83231
Symptom: After sub package ISSU operation is performed, ELC does not come up and the following error messages are seen:
*Mar 19 23:10:10.607 PDT: %PMAN-0-PROCFAILCRIT: SIP1: pvp.sh: A critical process mcpcc_lc_ms has failed (rc 127) *Mar 19 23:10:10.865 PDT: %PMAN-5-EXITACTION: SIP1: pvp.sh: Process manager is exiting: critical process fault, mcpcc_lc_ms, cc_1_0, rc=127
Conditions: Issue is seen specific to ASR1000 Ethernet Line Cards (ELC): ASR1000-2T 20X1GE and ASR1000-6TGE line cards, and sub package upgrade. Issue is seen across all releases that support ELC.
Workaround: Consolidated upgrade can be performed.
344Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCum99077
Symptom: fman_rp process crashes. RP card is reloaded.
Conditions: When routing loop occurs in network and causes massive routing information update, an internal logic error may be triggered.
Workaround: Avoid routing loop.
• CSCuo02558
Symptom: Crash in cpp_cp_svr when executing the show platform packet-trace packet all command.
Conditions: Crash can only occur when executing the show platform packet-trace packet all command.
Workaround: Display a single packet at a time using the show platform packet-trace packet num command instead of using all.
• CSCun32035
Symptom: Configured following features as part of IWAN performance testing for UTAH platform: AVC, PFR, QoS, AppNav, WAAS, DMVPN, and Crypto. Make sure DMVPN and MPLS tunnels are up and performance monitor, WAAS and crypto are enabled for these tunnels. Router crashes with traffic profile.
Conditions: Traffic profile includes, voice, http, and media traffic. A crash is seen as soon the traffic is initialized at less than 15% of load.
Workaround: There is no workaround.
• CSCum85493
Symptom: Ping fails with tunnel protection applied.
Conditions: Tunnel protection applied on GRE tunnel interface, using IKEv1 to negotiate IPsec SAs and remote node (IKEv1 responder) behind NAT.
Workaround: The users can switch to IKEv2.
• CSCun69811
Symptom: A customer on active box would only like to use the no activate commad for a single delegate registration entry below:
Initially, the caller is connected to IP-IVR, both ingress and egress leg of the CUBE is doing G711. Call is connected to the IP-IVR, then CVP sends a refer to the VXML GW for playing prompts and ringback tone. When the call is transferred to the agent, CUBE negotiated G729 at the sip level with the CVP, but because of mid-call signaling block on the ingress side, continue with the G711. Hence, xcoder is invoked on the CUBE to handle G729 to G711 and vise-versa, but CUBE is still sending G711 media to the agent phone side while the agent phone is sending G729 media to the CUBE.
Workaround: There is no workaround.
• CSCun84368
Symptom: Net flow cache entry is not created for IPV6 flows, and entries for IPv4 entries is not accurate. For IPv4 entries, the BGP next hop is not updated and set to 0.0.0.0.
Conditions: Upon Execution of RP switchover.
Workaround: After RP switch-over, remove BGP configuration from Core router ("P"), and configure it back. Upon BGP update on PE router, the BGP-NH will appear in FNF records.
• CSCun02605
Symptom: ASR crashes with no known trigger in CCSIP_SPI_CONTROL process.
Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ.
CUBE INVITE | INVITE (Via branch=ABC) ----------------------------->| ----------------------------------------> | 200 OK (Via branch=DEF) | <----------------------------------------- | Cube fails to send ACK to 200 OK for some reason and causes a crash.
Workaround: There is no workaround.
• CSCuo04588
Symptom: Signal quality on 10G port using SFP-10G-LR and SFP-10G-ZR are poor. Some packets are lost as CRC errors at 10G full bandwidth traffic test.
Conditions: This is seen on 1RU-VE built-in 10G ports with software version 15.4(02)S
Workaround: There is no workaround, except to upgrade the software.
• CSCuo00449
Symptom: CRC receive side errors have appeared on a variety of P4/P5 Nightster units utilizing both SR and LR optics during traffic flow tests. Not all units are experiencing the issue at present. Approximately, 10% of traffic are lost due to this issue at full 10G bandwidth traffic.
Conditions: This issue is seen on release 1RU-VE routers built-in 10G port running on software version 15.4(02)S.
Workaround: There is no workaround except to upgrade the software.
• CSCun73043
Symptom: Copper SFP (SFP-GE-T) interface in subslot 0/0 of Nightster does not come up with 10/100 mbps forced speed.
Conditions: The copper sfp (SFP-GE-T) interface hit this condition after router power cycle is issued.
Workaround: There is no workaround.
346Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCuo38164
Symptom: Traceback and log error is noticed.
Conditions: While initiating H323 call with the SBC feature.
Workaround: There is no workaround.
• CSCun86123
Symptom: ATOM port-mode xconnect is up, but all traffic under the l2 vc is dropped and statistics shown under show mpls l2 vc detail command are zero.
Conditions: On reloading the router multiple times continuously with traffic on port-mode ATOM vc, at times the VC does not come up. This issue is seen only on the SPA SPA-2CHT3-CE-ATM.
Workaround: Shut/no shut of the controller on which the port-mode ATOM vc is created.
Symptom: When configured as virtual tunnel end point (VTEP), the Router stops processing any data. It even fails to establish the OSPF neighbor relationship post the reload.
Conditions: When configured as VTEP, traffic stops on all Ports of the Ethernet Line Card after sometime. The problem also happens with packets going out of the ELC Ports having Multicast MAC address as destination MAC in the Ethernet header. The problem occurs only with ASR1000-6TGE/ASR1000-2T 20X1GE if any of the 1G/10G ports have egress Multicast MAC traffic.
Workaround: Reload the Line card and stop egress Multicast MAC traffic.
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCum99115
Symptom: In EFP xconnect setup, if local access EFP is default encap, local EFP state change from up to down will trigger remote CE interface down. This is the remote host shutdown feature.
Conditions: Occurs under he following conditions:
– Xconnect configured under EFP
– EFP is default encapsulation type
– Local EFP is down
Workaround: There is no workaround.
347Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCun57777
Symptom: Broadcast Packets are dropped after adding EVC config to ASR 1002 Router. The issue happened on and before Release 3.09.02. The issue doesn't happen on and after Release 03.10.00. After adding evc config, broadcast packets are dropped, L2BDReplicationStart is counted, and replication tree information disappears.
Conditions: on and before 03.09.02.
Workaround: To execute no shutdown command under service instance before configuration change.
• CSCuo77017
Symptom: The team resource has not released after 32k EFP is configured and deleted on the ASR 1001 Router.
Conditions: With a configuration running 3.13 image, configure 32k EFP and check the tcam resource on the ASR 1K and delete the EFP. Then check the tcam on the asr1k, and will find the resource has not been released.
Workaround: Reload the router or FP.
• CSCue91054
Symptom: ESP Crashed when sending IPv6 fragmented traffic through dmvpn hub(mgre tunnel).
Conditions: This happens when sending big IPv6 packets (need to do IPv6 fragmenation after adding tunnel header) traffic through dmvpn hub (mgre tunnel). Large amount of IPv6 fragment traffic (for example, 5G on ESP20) which exceeds reassembly performance number (less then 2G).
Workaround: Change MTU to avoid IPv6 fragmentation.
• CSCup05568
Symptom: BFD failing on RSP Failover on ASR1K with scale configuration.
Conditions: RSP Failover.
Workaround: There is no workaround.
• CSCuo85191
Symptom: Crashes on ASR 1000 Router.
Conditions: Memory allocation is failed.
Workaround: There is no workaround.
• CSCuo85982
Symptom: High RP and ESP utilization and generation of many large (~ 1 MB) logging files with names of the form "cpp_cp_F*".
Conditions: IPv4 multicast packets received on interfaces configured for IP subscriber sessions.
Workaround: There is no workaround.
• CSCuj55363
Symptom: In the LISP getVpn solution test, when the getvpn profile is applied in physical interface in the data path flow (such as interface between GM1 to core), the traffic gets dropped with qfp error of IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP when the getvpn profile is applied to the LISP0 interface. The encrypted traffic flows in the LISP setup properly.
Conditions: getvpn profile is applied to the physical interface instead of lisp interface.
Workaround: Apply getvpn profile in the LISP interface.
348Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
• CSCum80911
Symptom: On ASR1006 system, on the DMVPN hub, with 2K ipv4 tunnel over ipv6 transport. When do clear crypto session on hub and spoke twice, ESP is crashed.
Conditions: On ASR1006 system, on the DMVPN hub, with 2K ipv4 tunnel over ipv6 transport. when do clear crypto session on hub and spoke twice, ESP is crashed.
Workaround: There is no workaround.
• CSCup17060
Symptom: ESP crashes at imgr_pktc_cmdsmapcreate_impl.
Conditions: Multiple RP switchovers with 10K flexvpn sessions with traffic
Workaround: There is no workaround.
• CSCun23996
Symptom: DPSS session is not cleared from the router when the dpss application ends gracefully. The session get cleared automatically after approx 3 mins. During this time, application with same application name cannot reconnect.
Conditions: Provide the conditions.
Workaround: Run the following command on router to clear the session immediately: one stop session all or Wait for the session to get cleaned automatically, or terminate the application ungracefully (ctrl + c).
• CSCun41391
Symptom: FP crash after the IOS-XE upgrade to 3.11.0S.
Conditions: ASR 1K router running 3.11.0S.
Workaround: There is no workaround.
• CSCuo22413
Symptom: ASR1000 may crash unexpectedly.
Conditions: The crash is due to Flexible Net flow aging timers.
Symptom: When using the Anyconnect autoreconnect feature on the ASR platform, configurations dynamically applied to the virtual-access interface might be lost over the reconnection.
Example, the interface after initial connection establishment would have a QOS service policy applied:
349Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.1S
ROUTER#sh derived-config int virtual-access 1 ! interface Virtual-Access1 ip unnumbered GigabitEthernet0/0/1 tunnel source 10.1.1.1 tunnel mode ipsec ipv4 tunnel destination 10.10.1.100 tunnel protection ipsec profile ipsec-profile no tunnel protection ipsec initiate service-policy input INPUT-POLICY end After reconnection the INPUT-POLICY is missing:
ROUTER#sh derived-config int virtual-access 1 ! interface Virtual-Access1 ip unnumbered GigabitEthernet0/0/1 tunnel source 10.1.1.1 tunnel mode ipsec ipv4 tunnel destination 10.10.1.100 tunnel protection ipsec profile ipsec-profile no tunnel protection ipsec initiate end
Conditions: This has been observed with configurations being applied from the user AAA profile over Radius authentication. Affected parameters observed are QOS service policies and access-group.
Workaround: Do not use the reconnect feature or apply those configurations directly to the Virtual-Template (if this is an option).
• CSCtx72973
Symptom: Config-sync failure is seen when unconfiguring the crypto gdoi group.
Conditions: Seen on HA setup.
Workaround: There is no workaround.
• CSCum25373
Symptom: Traceback is seen.
Conditions: MSRPC regression test (mcp_alg_msrpc.tcl) is run
Workaround: There is no workaround.
• CSCup37676
Symptom: ASR1K crashes when pinging end-to-end over OTV with a frame size greater than (MTU-42) bytes.
Conditions: This has been seen on two ASR1002-X's running IOS-XE 03.10.01.S. Crash was seen when passing large packets across an OTV topology.
Workaround: Limit oversize packets across overlay topology.
• CSCup38743
Symptom: FTP signaling goes through fine across the ASR in the broken state, but the FTP Data session ( for both active/passive) does not get established.
Conditions: ASR running any of the recent IOS XE code after 3.7.3 with CGN shows this problem after normal operations for about every 2-5 hours.
Workaround: Either clear all the NAT translations ( clear ip nat trans * ) or reload the ESP or issue is not seen on the IOS versions before XE 3.7.3 ( including).
• CSCup11246
Symptom: When doing ISSU super-pkg/sub-pkg upgrade/downgrade between XE3.12.0 CCO to/from latest XE3.12.1 throttle image with Broadband features, Stdby RP fails to come online within the expected time (around 10 mins) and it takes ~18 mins to come to STANDBY HOT state. Noticed that the process CCM RP(82) stucks about 8 mins.
Conditions: Fix for DDTS CSCuo84195 ISSU xe310<>xe311: STBY-RP stuck in process @CCM RF(82) after loadversion Is causing this DDTS.
350Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS
Though DDTS CSCuo84195 issue is introduced in XE3.11.0, but only identified and fixed recently. Without this DDTS there will be an ISSU issue between XE310 <-> XE311 (or XE312 or XE313)+ images.
After the fix following are the compatible and versions, XE3.10.3 <-> XE3.11.2 <-> 3.12.1 <-> 3.13
Since we cannot commit to already existing labels of XE3.11.0, XE3.11.1 XE3.12.0, this will be known breakages and issu between these image to any latter image will fail.
Workaround: There is no workaround.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS
This section contains the following topic:
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS, page 351
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS
This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS:
• CSCuj86660
Symptom: The CLI is currently not supported. The mapping option is not available if the user types a ? after the buffer keyword, as shown in the example below:
Router# show platform hardware slot 0 plim buffer ?
settings PLIM buffer settings
Router# show platform hardware subslot 0/0 plim buffer ?
settings PLIM buffer settings
| Output modifiers
<cr>
Router# show platform hardware port 0/0/0 plim buffer ?
settings PLIM buffer settings
The following list of CLIs will point the user to the show platform hardware port 0/0/0 plim buffer ? command:
– show platform hardware slot 0 plim qos input bandwidth
– show platform hardware subslot <slot/card> plim qos input bandwidth
– show platform hardware interface <interfacename> plim qos input bandwidth
Conditions: An error would occur if the user tries to execute the CLI as below:
351Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.aS
Router# show platform hardware slot 0 plim buffer mapping ^ % Invalid input detected at '^' marker
Workaround: For the built in SPA ports (sub slot 0/0), use the following port mapping for PLIM commands:
• CSCuo41369
Symptom: VLAN error reported on the native GE port independent of port speed, which is connected to a C3750G GE switch.
Conditions: The configuration of the UUT port is default and the switch port is:
switchport access vlan 2 switchport mode dot1q-tunnel no cdp enable
Workaround: The current workaround is to implement a different GE Switch model in this environment.
• CSCum54014
Symptom: The router reloads randomly when the CPU utilization is near 100% and flexible Netflow with a sampler is configured.
Conditions: The router reloads randomly when running performance tests at near 100% CPU utilization with Flexible Netflow and 1-out-of-10 sampler. No configuration changes are seen at the time of the crash, only running traffic is seen at various levels and monitoring CPU/memory utilization. The sampler configuration seems to be the trigger, and the crash doesn't happen with plain Flexible Netflow. Also, the crash is only seen with IPv4 traffic. IPv6 traffic does not produce the crash with the same configuration.
Workaround: Use Flexible Netflow without the sampler configured.
• CSCuo44165
Symptom: The ASR 1001-X Router may reload when a very large scale IPv6 ACL/ACE configuration is utilized.
Conditions: Large scale IPv6 ACL config is used: 4000 IPv6 ACL (each ACL has 6 ACE) with total 24000 ACE per system.
Workaround: There is no workaround.
• CSCuo16316
Interface Number Interface Name
Interface 0/0/0 TenGigabitEthernet0/0/0
Interface 0/0/1 TenGigabitEthernet0/0/1
Interface 0/0/2 Crypto-Engine0/0/8
Interface 0/0/3 GigabitEthernet0/0/0
Interface 0/0/4 GigabitEthernet0/0/1
Interface 0/0/5 GigabitEthernet0/0/2
Interface 0/0/6 GigabitEthernet0/0/3
Interface 0/0/7 GigabitEthernet0/0/4
Interface 0/0/8 GigabitEthernet0/0/5
352Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Symptom: COS Based classification of Ethernet packets for the BUILT-IN-2T 6X1GE SPA might not work. Packets will hit the QIN-ANY entry if configured first, rather than explicitly configured QINQ entry and pick up the classification policy for QIN-ANY entry.
Conditions: This problem only occurs if the user configures the QINAny entry followed by an explicit QINQ entry. For example, encap dot1q 50 second-dot1q any encap dot1q 50 secnd-dot1q 10 encap dot1q 50 secnd-dot1q 50. So all the packets that have the outer VLAN tag as 50 will always hit the hardware entry corresponding to the entry 50-any which will cause the classification policy of 50-any to be applied to entry 50-10 and 50-50 as well.
Workaround: Configure explicit QINQ tagged entries first followed by the QINAny entry.For example, <Explicit tags should go first during configuration> encap dot1q 50 secnd-dot1q 10 encap dot1q 50 secnd-dot1q 50 <Make sure to configure the QINAny entry as the last entry> encap dot1q 50 second-dot1q any.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S, page 353
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S, page 361
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S.
• CSCuj04100
Symptom: ASR 1000 Router crashed with the following error message:
Conditions: ASR 1000 Router running 03.10.00.S with configured zone based firewall.
Workaround: There is no workaround.
• CSCun01152
Symptom: An IOS-XE router may reload unexpectedly when zone-based firewall is configured.
Conditions: Zone-based firewall is configured and may be dependent on many active MSRPC sessions.
Workaround: There is no workaround.
• CSCul06361
Symptom: When subscriber session is created with ip subscriber interface on subinterface in shutdown state, after bringing the subinterface up, the out packet counters are not increasing. Subscriber does not have IP connectivity, since traffic is going only in one direction.
Conditions: ASR 1K ISG running IOS XE 3.7.4.S (15.2(4).S4), with ip subscriber interface created from subinterface in the shutdown state.
353Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Workaround: Clearing subscriber session when subinterface is up/up will re-establish session when the connectivity is restored.
• CSCul48822
Symptom: While provisioning an ISG IP Subscriber session, it is possible to leak an ESS segment chunk (IOSXE ESS SEG).
Conditions: The memory leak may occur when there is an error provisioning an ISG IP subscriber session.
Workaround: There is no workaround.
• CSCuh03476
Symptom: Tracebacks are seen while configuring APS parameters on a PoS link.
Conditions: Occurs during normal CLI configurations.
Workaround: There is no workaround.
• CSCui22356
Symptom: When Subpackage ISSU Upgrade is performed on ASR1002-X router after upgrading the standby RP (R0/1) with new RP subpackages, switchover is forced from the active IOS process to the standby IOS process. During the switchover, new active RP performs configuration Bulk-Sync with the standby RP. During this Bulk Sync operation, the configuration related to the interfaces is not synced to the standby due to Bulk Sync MCL failures.
The following sample error message will be displayed when this error is present:
Config Sync: Bulk-sync failure due to Servicing Incompatibility. Please check full list of mismatched commands via: show redundancy config-sync failures mcl Config Sync: Starting lines from MCL file: interface Tunnel150 ! <submode> "interface" - tunnel source GigabitEthernet0/0/0.34 <..............> Standby takes more time(~744 seconds) for reaching terminal State.
Conditions: The symptom is observed after redundancy force-switchover step in ISSU upgrade procedure.
Workaround: Perform a standby IOS reload using the hw-module subslot R0/0 reload command.
• CSCui72473
Symptom: When the Traffic is flowing through ATM1xOC3, the rate of flow fluctuates very faster and the counters does not match. The show interface atm0/3/0 | i pack command can be used repeatedly to check the rate.
Conditions: The traffic should be flowing through ATM SPA.
Workaround: There is no workaround.
• CSCui76166
Symptom: TTB Rx information is not getting updated on one ASR 1000 Router serial interfaces - Bident.
Conditions: Range of framing type.
Workaround: Default interface and reconfigure OR OIR Bident.
• CSCui87851
Symptom: Incorrect end interface number range as 0 to 6.
Conditions: While trying to configure built-in GigE interfaces with interface range command
Workaround: There is no workaround.
• CSCui91872
354Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Symptom: When configuring the following commands on ASR 1000 platform, you get the errors mentioned below:
– exception memory ignore overflow io frequency 30 maxcount 5
– exception memory ignore overflow processor frequency 30 maxcount 5
Conditions: Hardware and software on ASR1k and all IOS platforms, should have non zero values in following commands:
– exception memory ignore overflow io frequency 30 maxcount 5
– exception memory ignore overflow processor frequency 30 maxcount 5
Workaround: There is no workaround.
• CSCuj14019
Symptom: %CMRP-3-UDI_AUTH: F0: command: Quack Unique Device Identifier authentication failed, show up on ASR1001 Router.
Conditions: After reloading the box or inserting SFPs.
Workaround: There is no workaround.
• CSCuj30033
Symptom: ATM interface - SPA-1XOC3-ATM-V2 - shows counters frozen when interface is shut down.
Conditions: Running traffic over an ATM (SPA-1XOC3-ATM-V2) interface and then shutting down the interface.The interface counters remain frozen and do not return to zero.
Workaround: There is no workaround.
• CSCul35389
Symptom: Following error messages are observed with SPA reload: ================================================================== Nov 26 2013 15:14:31.496 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP Nov 27 2013 17:31:42.464 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP The process mcpcc-lc-ms is held down and the SIP is reloaded.
Conditions: Errors are observed when SPA is reloaded.
Workaround: There is no workaround.
• CSCul45015
Symptom: The show platform hardware port slot/bay/interface plim statistics command does not work correctly. In case of ingress plim classification, the RX high counters are always shown as zero. This is observed on ASR1002-X Router.
Conditions: Plim ingress classification classifies the ingress classification into two HIGH and LOW priority traffic. Note that this is not about the classification not happening correctly. Traffic is classified correctly, it is just that the 'RX high priority' counters under the show platform hardware port slot/bay/interface plim statistics command are not displayed (always shown as 0).
Workaround: There is no workaround.
355Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
• CSCul94622
Symptom: On an ASR 1000 router with CT3 SPA, Malloc Failures and SPA firmware download failures are seen.
Conditions: SPA should have many channels configured (more than 50% of its maximum capacity) and SPA soft reload is done.
Workaround: There is no workaround.
• CSCug91353
Symptom: Clear command for punt-policer statistics are not logical and located under: show platform hardware qfp active infrastructure punt policer command.
Conditions: Attempting to clear statistics of counters depicted using the show platform soft punt-policer command.
Workaround: Use the show platform hardware qfp active infrastructure punt policer clear command.
• CSCui77763
Symptom: The show platform software memory qfp-control-process qfp active command is not working.
Conditions: Execution of the show command.
Workaround: There is no workaround.
• CSCuj35119
Symptom: Upon installing metro ip services and performing a RP switchover, memory leak is noticed:
Address Size Alloc_pc PID Alloc-Proc Name 353DE1BC 76 10094D50 0 *Dead* open license master.i info
Conditions: When this condition occurs perform the following:
1. Install metroIPservices license.
2. Perform SSO.
3. Show memory debug leaks.
Workaround: There is no workaround.
• CSCul17693
Symptom: On the ASR1000 platform family, CISCO-ENHANCED-MEMPOOL-MIB & CISCO-MEMORY-POOL-MIB show lsmpi_io pool is available with little free memory. As a result, various SNMP management software applications may generate an error notification.
Conditions: This condition is shown from the moment the router boots up. The lsmpi_io pool is used on the Route Processor of all ASR1000 routers. Unlike other IOS versions, IOSd on the ASR is a process running on IOS XE. IOSd has a single logical interface, which communicates to IOS XE. This interface is called the Linux Shared Memory Punt Interface (LSMPI). When the ASR 1000 Router boots up, the lsmpi_io pool is created and nearly all of the memory is allocated up front by design. Therefore, the little free memory shown in the MIBs is by design and does not indicate an error condition.
Workaround: There is no workaround for the lsmpi_io pool having little free memory. If some other piece of software is generating alarms for this reason, the management software needs to be adjusted.
• CSCud63220
356Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Symptom: Tunnel interface QoS tail drop counter reported at physical interface. Service policy is applied on the tunnel 5432. Drops are seen on the output of show policy-map tunnel 5432 command. Drops are seen on the physical interface over which the tunnel is built. NO drops are seen on the Tunnel interface. From the output below, OQD is 0 for the tunnel interface.
Conditions: When packets are dropped on a tunnel interface, the output of the show platform hardware qfp act interface all statistics drop_summary command and show interface summary would only show the dropped packets against the phsyical interface, which made it difficult to determine which tunnel the packets were being dropped on.
Workaround: There is no workaround.
• CSCui13063
Symptom: QoS on Service instances using COS matching in the child level of a hierarchical policy-map may fail to properly match traffic. Traffic may be classified into an incorrect QoS class.
Conditions: Using COS matching in the child level of a hierarchical QoS policy-map on a service instance.
Workaround: Use a flat policy map, if possible.
• CSCul03067
Symptom: Tunnel interface QoS tail drop counter reported at physical interface. Service policy is applied on the tunnel 5432. Drops are seen on the output of the show policy-map tunnel 5432. Drops are seen on the physical interface over which the tunnel is built. NO drops are seen on the Tunnel interface. From the output below OQD is 0 for the tunnel interface
Conditions: When packets are dropped on a tunnel interface, the output of the show platform hardware qfp act interface all statistics drop_summary command and show interface summary would only show the dropped packets against the phsyical interface, which made it difficult to determine which tunnel the packets were being dropped on.
Workaround: There is no workaround.
357Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
• CSCul70833
Symptom: Byte-based queue-limit does not work correctly when fair-queue is configured.
Conditions: Using fair-queue feature simultaneously. The issue can happen on ASR 1000 Router. The issue is found on 15.3(3)S.
Workaround: Use packet-based queue-limit instead of byte-based queue-limit.
• CSCum66678
Symptom: When per-tunnel QoS is configured on a DMVPN hub, the ESP memory may become exhausted due to a memory leak. This could cause the ESP to reload.
Conditions: If there are a large number of DMVNP spokes and the spokes flap, then memory on the ESP is allocated and not freed. This could cause the memory exhaustion on the ESP and thus case the ESP to reload.
Workaround: One could monitor the ESP memory usage and if it is getting low, then reboot the ESP during a mainance window. The command show platform software memory qfp-control-process qfp act brief | inc I/F can be used to determine if memory is being consummed due to this issue.
Example:
Router# show platform software memory qfp-control-process qfp act brief | inc CPP I/F DB module allocated requested allocs frees ------------------------------------------------------------------------------ CPP I/F DB 128 48 5 0 <== normal condition is 5 allocs at bootup that is not freed (one spoke flapped) CPP I/F DB 8172 8076 6 0 <== 1 additional alloc of 8028 (2k spokes in network) - with this bug, this memory is not freed
• CSCui90224
Symptom: Using a performance monitor when the cache size is set to its default value may cause an error during the Cisco In-Service Software Upgrade (ISSU) process. An error in the console log will indicate a failure to update the monitor cache size.
Conditions: Occurs under the following conditions:
– Applicable to all Cisco IOS XE platforms.
– Occurs when running ISSU, which provides transparent router software upgrade or downgrade.
– May occur when doing either one of the following: - Upgrading from Cisco IOS XE 3.10 or earlier to IOS XE 3.11 or later version - Downgrading from IOS XE 3.11 (or later) to a version earlier than 3.11
Workaround: A preventive workaround and typical use case is to configure the cache size manually rather than using the default. If using the default cache size, use the following workaround to avoid the error:
1. Remove the service policy.
2. Run the system upgrade or downgrade.
3. Re-attach the service policy.
• CSCuj19865
Symptom: The cache size computed for an Easy Performance Monitor (EZPM) context when running on ESP100 or ESP200 supports 10G rate while it should support 15G.
Conditions: An ASR1K Router with ESP100 or ESP200 installed. Configure EZPM monitor context. Attach the monitor to an interface.
Workaround: The user can override the default value computed by EZPM.
• CSCuj39496
358Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Symptom: When configuring Input MPLS aware FNF (under interface config, mpls flow mon MON_NAME in) it can happen that FNF will cease to function due to cache entry leak/exhaustion.
Conditions: This can only occur with Input MPLS FNF and moreover only will occur with certain labels. In particular it will occur for MPLS labels for which the output of the show plat hard qfp active feature cef-mpls prefix mpls label num command does not have an IPV4 adjacency.
Workaround: There is no workaround other than to realize that this will only happen for MPLS FNF, Input FNF (not Output FNF), and for MPLS labels that no not have the IPV4_ADJACENCY.
• CSCul04783
Symptom: fman-fp crashes @ fman_fnf_object_walk.
Conditions: Test the avc_serviceability feature with ESP160.
Workaround: There is no workaround.
• CSCul22733
Symptom: ASR is seen to crash.
Conditions: Occurs under the following conditions:
1. Flow exporter defined with the Management interface GigabitEthernet0 configured as source.
2. An FNF record is configured to collect URL name.
3. FNF monitor using the above record and exporter is configured on an interface with MTU greater than 1500 bytes.
4. A packet with URL greater than 1500 bytes hits the monitor.
Workaround: Do not configure the Management interface as flow exporter source.
• CSCul25833
Symptom: Issue with Dual Collector FNFV9 in ASR 1002x only one collector is collecting and the second one is not. Happens when monitor has two collectors. The monitor is detached from interface and attached again immediately. Only one of the collector will continue to work correctly.
Conditions: Under flow-monitor provisioning.
Workaround: Apply each flow monitor with a gap of 5secs. If monitor was removed, wait for 5 secs before bringing it back.
• CSCul34776
Symptom: After ISSU process AOR and dependent fields are not working. Also, sampler granularity may be different from the configured.
Conditions: Happens sometimes.
Workaround: Remove AVC configuration and apply it again after the ISSU process is finished.
Conditions: One only performance monitor is configured on interface. AOR is enabled at policy level.
359Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Workaround: There is no workaround.
• CSCul62107
Symptom: When an MPLS egress interface is configured with a flow monitor that matches/collects BGP next hop, The FNF field BGP_NEXT_HOP should be the IP address of the PE-router, which generated the topmost label however, it is currently set to 0.
Conditions: MPLS egress interface on the PE router configured with a flow monitor that matches/collext BGP next hop.
Workaround: There is no workaround.
• CSCul92406
Symptom: FNF monitors updates are failing at ESP.
Conditions: Unconfigure the FNF monitor and configure again.
Workaround: There is no workaround.
• CSCum35386
Symptom: The AVC Sum Duration metric is incorrect on the Utlra platform.
Conditions: AVC Sum Duration metric is enabled via one of the AVC/EZPM tools (e.g. ART), and is assigned to an interface on an Ultra platform (however it works fine on ASR).
Workaround: There is no workaround.
• CSCum48124
Symptom: Occasional crash/traceback and router reload when performing config-replace while both performance monitor/s (e.g. EzPM) and native FNF monitors are assigned to the same interface.
Conditions: Performing a config-replace to a clean config (i.e. doesn't assign performance monitors or native FNF monitors), while there are both performance monitors (e.g. EZPM) and native FNF monitors assigned to the same interface in the current running config.
Workaround: First unassign either or both the performance monitors and the native FNF monitors before performing the config-replace. In that case, the config-replace works okay.
• CSCuh27266
Symptom: CPP core not generated when FP crash happens.
Conditions: Perform SPA OIR with Unicast/Multicast/Broadcast storm control on 32K EFPs
Workaround: There is no workaround.
• CSCui17100
Symptom: FP reloads with the corefile reporting a GIF_CSR32_GIF_LOGIC_ERR_LEAF_INT__INT_FBLK_CNT_LOW interrupt.
Conditions: This issue only applies to ASR1002-X, ESP100 and ESP200. This crash occurs when the amount of available QFP packet buffer memory falls below 3% of the total available. This can only happen if there is a combination of heavy traffic and a flood of control packets. An example action that could cause a flood of control packets is an OIR of the carrier card when using a scaled EVC-EOMPLS configuration.
Conditions: On executing the show platform hardware cpp active infrastructure txspi 0 status command.
360Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Workaround: There is no workaround.
• CSCum75385
Symptom: The show platform hardware qfp active datapath utilization command displays wrong data. When high priority traffic (ip precedence 6,7) is sent, the counters against Input Non-Priority rows increment. When low priority traffic (ip precedence 0,1,2,3,4,5) is sent, the counters against Input Priority rows increment.
Conditions: This can occur when using ESP100.
Workaround: There is no workaround.
• CSCun32904
Symptom: Ping fails with packet size larger than 10000 with MPLS over mGRE.
Conditions: Configure the MPLS over mGRE and MPLS MTU MAX, Ping jumbo packet and mGRE peer side is also an IOS-XE based service router(ASR1K/ISR4400/CSR1000V)
Workaround: Remove mpls mtu max.
• CSCun17558
Symptom: COS markings not seen properly on the dot1q interface.
Conditions: The issues are seen if fragment happened in data plane on the dot1q interface.
Workaround: There is no workaround.
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S.
• CSCun57359
Symptom: Complete or near-complete loss of traffic over an MLPPP bundle.
Conditions: If an MLPPP bundle is currently attempting to pass traffic beyond the physical bandwidth of the bundle and a new member-link is added, or an existing member-link is flapped a sudden and persistent loss of traffic for that bundle can occur.
Workaround: Configure a basic QoS policy that contains at minimum a class-default traffic police or shape restriction. Attach this policy as an output policy to the MLPPP bundle.
Example:
policy-map basic-output-policy class class-default shape average percent 90 interface Multilink1 ... service-policy output basic-output-policy
• CSCun02679
Symptom: The tracebacks were seen on Standby RP for this one time while bringing up GTP sessions.
Conditions: Just bring up the dhcp initiated GTP sessions and the tracebacks were seen on standby RP.
Workaround: There is no workaround.
• CSCun40443
Symptom: The "not supported on this platform" error message is displayed when doing platform CAC configuration on ESP-5 platform.
361Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Conditions: Set following platform CAC configuration on ESP-5 platform: FP CPU - FP MEM -CC MEM.
Workaround: Do not set following platform CAC configuration on ESP-5 paltform: FP CPU, FP MEM, and CC MEM.
• CSCun23996
Symptom: DPSS session is not cleared from the router when the dpss application ends gracefully. The session get cleared automatically after approx 3 mins.
Conditions: During this time, application with same application name cannot reconnect.
Workaround: Perform one of the following:
– Run the following one stop session all command on router to clear the session immediately.
– Wait for the session to get cleaned automatically
– Terminate the application ungracefully (Ctrl + C)
• CSCum95638
Symptom: Multiple tracebacks seen pertaining to uRPF component cannot allocate more memory. No functional issues are seen i.e. no session drops.
Conditions: TB is seen on Scaled Setup of 128K Autheticated Sessions and 256K Walkby sessions.
Workaround: Lower the session scale during RP Switchover. Tested 107K Authenticated Sessions, 223K Walkby Sessions with no issues.
• CSCum80911
Symptom: On ASR 1006 system, on the DMVPN hub, with 2K ipv4 tunnel over IPv6 transport.
Conditions: When do clear crypto session on hub and spoke twice, ESP crashed.
Workaround: There is no work around.
• CSCun59767
Symptom: Set egress interface MTU to less than 256. Send packets of size greater than 256. Packets were not dropped by UUT as "IpFragErr", but pass through successfully.
Conditions: Set MTU to 100 on the UUT egress interface, which is the same interface to which a crypto map is attached. DF Bit is set in the security-association for that crypto map. From end host, send packets of size 1000. Packets get fragmented to smaller packets of size 256 first, then encrypted. All the fragmented packets will have DF bit set in IP header. These fragmented packets should be dropped at the egress interface.
Conditions: Traffic with over subscription shows the TBAR drops. Eventually, all the traffic dropped.
Workaround: Increase anti-replay window size to 20sec.
• CSCun39959
Symptom: ASR1K can drop site-2-site IPSec packets with specific pad-lengths. The packets are size 47 bytes n*64 (where n is >=1)
362Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
Conditions: Site-2-site IPSec tunneled packets from 3rd-party CPE (not been seen with Cisco IOS based CPE as remote IPSec tunnel endpoints). The packet-sized being dropped are 111bytes in length (or 64-byte increments added to 111bytes).
Workaround: There is no workaround.
• CSCun45500
Symptom: Flow count value is incorrect in the show platform software ipsec F0 inventory command.
Conditions: Flow count values are incorrect for GETVPN Configuration.
Workaround: There is no workaround.
• CSCum81783
Symptom: Ping fails to go through the v4 over v6 mixed-mode tunnel.
Conditions: When Mixed-mode tunnel is configured and VPN connection is established.
Workaround: There is no workaround.
363Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12.S
364Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.12S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
This chapter provides information about the caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S. Caveats describe unexpected behavior. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats. This chapter includes severity 1, severity 2, and selected severity 3 caveats.
Note For information about the caveats pertaining to releases earlier than Release 3.6S, see Cisco IOS XE 3S Release Notes.
We recommend that you view the field notices for the current release to determine whether your software or hardware platforms are affected. You can access the field notices from the following location:
In each section, the following information is provided for each caveat:
• Symptom—A description of what is observed when the caveat occurs.
• Conditions—The conditions under which the caveat has been known to occur.
• Workaround—Solutions, if available, to counteract the caveat.
Note If you have an account on cisco.com, you can also use the Bug Search Tool to find select caveats of any severity. To reach the Bug Search Tool, log in to cisco.com and go to https://tools.cisco.com/bugsearch/product?name=Cisco+ASR+1013+Router#search (If the defect that you have requested is not displayed, it may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)
The Dictionary of Internetworking Terms and Acronyms contains definitions of acronyms that are not defined in this document:
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
• CSCtz97771
Symptom: During regular operations, a Cisco router running Cisco IOS release 12.4(24)T and possibly other releases experiences a crash. The crash info will report the following:
%SYS-2-FREEFREE: Attempted to free unassigned memory at 4A001C2C, alloc 4180794C, dealloc 417616B0,
%SYS-6-BLKINFO: Attempt to free a block that is in use blk 4A001BFC, words 134, alloc 4180794C, Free, dealloc 417616B0, rfcnt 0.
Conditions: These is no condition.
Workaround: There is no workaround.
• CSCud94511
Symptom: Multiple Tracebacks seen on Router reload
Conditions: router reload
The tracebacks are seen if a scaled config is present on any atm/gig spa with POS spa present in the system
Triggers can also vary from router reload to sip reload aur shut/no shut of larg number of tunnels.
Triggers increase the load on router processing which interferes with the working of POS spa and hence tracebacks are seen.
Workaround: There is no workaround.
• CSCue23898
Symptom: A Cisco router running Cisco IOS Release 15.3(1)T may crash with a bus error immediately after issuing the 'write memory' command.
Example:
14:44:33 CST Thu Feb 14 2013: TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x228B2C70
Conditions: This symptom occurs while updating the router's running configuration with the 'write memory' command. It has been seen while updating various different commands
Workaround: There is no workaround.
• CSCue27980
Symptom: ASR1k suffers a CPP crash triggered by NBAR
Conditions: When NBAR and NAT are both enabled on the same interface there could be some rare conditions which could lead to the crash of the ASR.
Workaround: There is no workaround.
• CSCue99781
Symptom: VCD id is assigned to ATM pvc interface once it is created, so after remove the pvc and re-create it we will lost the previous VCD id as the handle, and cannot delete the corresponding condition except remove all the conditions at once.
Conditions: Delete intf before unconfig condition debug.
Workaround: Unconfigure condition debug at first
• CSCuf47613
Symptom: Call waiting tone is not played by the DSP if cptone gb is configured when the second SIP call arrives to the FXS port's number.
368Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: Issue was found with 15.2(4)M1 and dsapp.
Workaround: Disable cptone GB
• CSCuh87195
Symptom: A crash is seen on a Cisco router.
Conditions: The device crashes with gw-accounting and call-history configured. The exact conditions are still being investigated.
Workaround: Completely remove gw-accounting. Or disable call-history using the following commands:
– gw-accounting file
– no acct-template callhistory-detail
• CSCui22204
Symptom: Below mentioned internal IEC error seen in CUBE logs:
Conditions: This IEC error would be seen while processing incoming SIP REFER for call transfer along with local consumption of REFER ('no supplementary-service sip refer' CLI) i.e CUBE is consuming REFER locally and generating INVITE to transfer target.
Workaround: There is no workaround.
• CSCui48606
Symptom: 3925 voice xml gateway crashed.
Conditions:
vxml configured:vxml tree memory 500vxml version 2.0
Workaround: There is no workaround.
• CSCui64059
Symptom: Router crashes during call forward scenario
Conditions: This symptom is observed when call forward is enabled.
Workaround: This issue is fixed.
• CSCui68757
Symptom: Enhancement of icmp message rate-limit, for protection of QFP from ICMPv4 Attack.
Conditions: In IPv4 ICMP, some types of ICMP packets will be generated in data plane. To protect QFP from IPv4 ICMP attack, we need a mechanism to do rate-limit of ICMP packets generated by data plane.
There is existing IPV4 ICMP rate-limit mechanism, which is only for ICMP unreachable type. In this fix, we expand this rate-limit mechanism to cover all IPv4 ICMP packets which are generated by data plane.
369Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCui73249
Symptom: NHRP local (no socket) entry gets converted to a socket entry causing matching traffic to be blackholed.
Conditions: DMVPN phase 3 network.
Workaround: Configure 'ip nhrp server-only' or remove 'ip nhrp shortcut' on the hub router.
• CSCui99433
Symptom:
1. INFO not being responded by CUBE (in race condition)
2. INFO not being passed to other leg (in race condition)
Conditions: Race condition - Recvd mid-call RE-INVITE and INFO at almost the same time
Workaround: There is no workaround.
• CSCuj13596
Symptom: Issuing a command crypto key move rsa aaa non-exportable" throws an error, Failed to move keypair aaa to device.
Conditions: Before issueing the above command, generate the rsa keys with label 'aaa'.
Workaround: There is no workaround.
• CSCuj19201
Symptom: Re-registration time is recalculated on GM nodes upon receiving a TBAR rekey, based on the remaining TEK lifetime at the time of the TBAR rekey.
This effectively causes a much-shorter re-registration window compared to the one obtained at the GM registration, even if the original TEK lifetime was configured with a long value.
Conditions: These is no condition.
Workaround: There is no workaround.
• CSCuj72342
Symptom: FP crash occurs with PPP sessions
Conditions: On applying nat settings to CGN mode
Workaround: There is no workaround.
• CSCuj80245
Symptom: No address prefix flow records get reported when packets get fragmented at Tunnel interface, which has enabled with AVC flow monitor.
Conditions: May occur when packet are fragmented due the maximum packet length limit, called the Maximum Transmission Unit (MTU).
When packet size is bigger than the interface MTU, the packet will be fragmented and will not be monitored by AVC.
Workaround: Increase the size of the MTU to accommodate larger packets. For example, configure an MTU of 3000 bytes with the following CLI:
Device(config)# interface Gig0/2/1Device(config-if)# mtu 3000
• CSCuj84035
370Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: Seeing Alignment errors on standby box that is a member of a CUBE-HA pair
Conditions: ISRg2 using Box to Box CUBE-HA with HSRP.
Workaround: There is no workaround.
• CSCuj88820
Symptom: Router acting as a PKI client continues auto-enrollment to its CA even after the CA certificate has expired.
Conditions: Client router is configured with 'auto-enroll' under its trustpoint.
Workaround: Remove 'auto-enroll' from the trustpoint on the PKI client router, or,
Delete the trustpoint in question on the PKI client router.
• CSCuj93565
Symptom: %SPA_OIR-3-EVENT_DATA_ERROR: SPA OIR event data error - fail.
Conditions: None.
Workaround: There is no workaround.
• CSCul07137
Symptom: IFCFG timeouts will happen on Reload or Shut/No shut of Scaled Vlan Port.
Conditions: Ethernet Line card with Scale QinQ having fixed outer vlan and range of VLAN configuration on reload or Shut/No shut, IFCFG Timeouts are observed.
Workaround: There is no workaround.
• CSCul12835
Symptom: Crash with CGN/BPA configuration.
Conditions: IP pool was extended, single bit in BPA was set.
Not seen with 1000 users. Issue is seen with waround 8000 users.
Workaround: There is no workaround.
• CSCul27924
Symptom: Customer experienced crash on ASR-1001 during normal operation.
Conditions: These is no condition.
Workaround: There is no workaround.
• CSCul41442
Symptom: In the M train of IOS and the S train of IOS-XE the "media anti-trombone" feature added in 15.1(3)T CUBE does not appear as an option when configuring "voice class media" groups. It is not present as an option at the dial-peer level as well.
Conditions: This symptom is observed in any non "T" train of IOS and IOS-XE. IOS Tested 15.2(3)T - Available as media option Tested 15.3(3)M - Not there IOS-XE Tested 15.1(3)T - Available as media option Tested 15.3(3)S1 - not there
371Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: Customer has to have a "T" train IOS of Cisco IOS Release 15.1(3)T or higher. Impacts customers ability to deploy Cube Enterprise solutions.
• CSCul59525
Symptom: ASR1K cube running Cisco IOS Release XE3.8S, many hung calls are seen over a period of one week. There are three different symptoms of hung call legs. Example 1: One of the call leg is in stuck state Example 2: Both the call legs are active and connected and stuck for more than a week Example 3: Both call legs are stuck in disconnect state but one of the call is connecting and other leg is in active state. Topology: VzB ---sip----CUBE------sip------SME Cluster-----sip------Admin04 cluster---------IP Phones | | | ----------------sip trunk to fax server | | ------------------SIP trunk to Unity connection vm
Conditions: Though the reason for this issue is unknown, it is very random in nature. Hung calls are seen for a normal sip to sip calls going to IP phone, or calls that routes to unity connection voicemail and also stuck fax calls.
Workaround: There is no workaround.
• CSCul73789
Symptom: In an IPv6 IPSEC scenario we see code crashes with traffic flowing. This is seen even with a single tunnel with traffic flowing.
Conditions: The exact conditions under which this problem is seen in unclear.
Workaround: There is no workaround.
• CSCul81353
Symptom: ASR1006 with RP2 running ES version based on Version 15.3(1)S crash with Segmentation Fault ---snip-- UNIX-EXT-SIGNAL: Segmentation fault(11), Process = CCSIP_SPI_CONTROL -
After the RP Switch over all the new calls were rejected with the following errors as well, which may be unrelated to the crash
--snip-- Dec 2 15:11:47: %VOICE_IEC-3-GW: SIP: Internal Error (INVITE, codec mismatch): IEC=1.1.278.7.110.0 on callID 17334189 Dec 2 15:11:49: %VOICE_IEC-3-GW: SIP: Internal Error (INVITE, codec mismatch): IEC=1.1.278.7.110.0 on callID 17334212 Dec 2 15:11:49: %VOICE_IEC-3-GW: SIP: Internal Error (INVITE, codec mismatch): IEC=1.1.278.7.110.0 on callID 17334218 ---snip---
Conditions: After two weeks of uptime and during normal load condition.
Workaround: Reboot the box to recover from the situation. The core file writing is incomplete as
TEMP_IN_PROGRESS ---- show stby-harddisk: all----- 142 2406627691 Dec 02 2013 14:11:14 00:00 /harddisk/core/kernel.rp_20131202191114.core.gz 149 79237120 Dec 02 2013 14:03:52 00:00 /harddisk/core/nyorbgdnesbc-dr_RP_0_linux_iosd-imag_6335.core.gz.TEMP_IN_PROGRESS
• CSCul84373
Symptom: Tech pubs will need to verify that there is no current documentation referencing the FPGA upgrade process for ASR1002-X utilizing the "upgrade hw-module subslot x/y fpd" command structure. This will be replaced with the new "upgrade hw-programmable..." process.
372Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: This DDTS brings in the support for upgrading the board FPGA on ASR1002-X using CLI 'upgrade hw-programmable fpga filename bootflash:image.pkg r0'. FPD support for BUILT-IN SPA will no longer be required after this so FPD is no longer supported for BUILT-IN SPA.
Workaround: There is no workaround.
• CSCul86646
Symptom: ESP reload when ping jumbo packet via gre tunnel.
Conditions: Ping packet size > 9800, tunnel mtu>9216 receive side will reload.
Workaround: Config IP MTU < 9216 in tunnel
• CSCul89581
Symptom: Supervisor not able to monitor Agent conversation Remotely where CCE-CVP at higher version and RSM at 9.1(1)Conditions: These is no condition.
Workaround: There is no workaround.
• CSCul96421
Symptom: Outbound calls over SIP trunk to provider fails.
Workaround: Downgrade Cisco IOS version to 15.2(4)M.
• CSCul96947
Symptom: Traceback appears on standby RP during SPA OIR.
Conditions: T1 channels are configured.
Then a random t1 channel is deleted and spa soft oir is done.
Workaround: There is no workaround.
• CSCum03790
Symptom: Immediately after the 200 OK is sent in response to the Re-Invite the ITSP sends a BYE as they expected the origin version id to increment. The lack of incrementation cause the call to be torn down by the ITSP.
Conditions: This problem was observed in the following scenarios :
Switchover from voice to faxChange in codec for voice calls
SDP content-length size is different in initial outgoing Invite to perform call setup than it is in 200 OK response to an inbound Re-Invite which causes the origin (o=) version in the SDP not to increment. CUBE however sees the content-length sizes as the same size.
Previous SDP content-length was 250, 399 was the current SDP content-length:
Workaround: There is no workaround.
• CSCum04325
Symptom: Duplicate entry seen in "sh lldp neighbor"
Conditions: if the physical link is a member of a etherchannel bundle. lldp packets are processed on the bundle UIDB.
Workaround: There is no workaround.
• CSCum04528
373Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.
Conditions: ASR1002-X running NAT with ALG traffic
Workaround: There is no workaround.
• CSCum13378
Symptom: An ASR1K configured as an IPSec endpoint may fail to reassemble fragmented ESP packets . During this failure state, the router will also log %ATTN-3-SYNC_TIMEOUT errors.
Conditions: UDP packet of a specific size received on the clear side of the ASR is known to trigger this issue.
Workaround: Use software crypto for large packets received on the clear side by configuring post-frag encryption - crypto ipsec fragmentation after-encryption. This will prevent the ASR from getting into the ATTN_SYNC state.
• CSCum18039
Symptom: Traffic not flowing on a queue following QoS reconfiguration or new interface creation. Also possible inability to change QoS configuration on any interface or create new interfaces/sessions following occurrence of this condition.
Conditions: Queue was previously being over subscribed when it was deleted leaving it in a flowed off congested state such that it would never drain.
Workaround: There is no workaround.
• CSCum24009
Symptom: Transfer scenarios fail with ANAT and VCC (No DSP) configured
Conditions: Issue is observed for DODO.
Workaround: Apply DOEO configurations.
• CSCum40043
Symptom: Crypto sessions get stuck in UP-IDLE state in scale scenario on CSR platform.
Conditions: CSR with XE3.11.
Workaround: Bring the sessions up in very small increments e.g. of 40 sessions at a time initially and keep monitoring. When the sessions stop coming up for 40 sessions at a time, switch to smaller number e.g. 20.
• CSCum40306
Symptom: Router crashes during call transfer in SRST mode.
Conditions: Call transfer in SRST mode, including SCCP phones.
Workaround: There is no workaround.
• CSCum49213
Symptom: ESP crash
Conditions: None.
Workaround: Use debug platform hardware qfp active datapath trace packet for short periods of time.
• CSCum49437
Symptom: ucode crash@ipv4_nat_cgn_mode_dp_rel_mem on changing nat mode
Conditions: In a scaled setup on changing nat mode.
374Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCum55299
Symptom: Path-confirmation check failed on CUBE in SRTP-RTP call.
Conditions: Configure CUBE for SRTP-RTP call.
Workaround: There is no workaround.
• CSCum55357
Symptom: CUBE crashes for SIP-H323 Transcoding call.
Conditions: The issue is seen while running regression for Cisco IOS Release 15.3(3)M1.9.
Workaround: There is no workaround.
• CSCum56514
Symptom: A Cisco router running IOS XE may crash and reload after generating a ucode core file and logs similar to the following:
Notice 1531: KRZ: SIP0: pvp.sh: Process manager is exiting: process exit with reload fru codeError 1530: KRZ: SIP0: cpp_cp: cpp_cp encountered an error -Traceback=Error 1529: KRZ: SIP0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69) Error 1528: KRZ: SIP0: pman.sh: The process cpp_cdm_svr has been helddown (rc 69) Informational 1526: KRZ: F0: cpp_ha: Shutting down CPP MDM while client(s) still connected Informational 1525: KRZ: SIP0: cpp_cdm: Shutting down CPP MDM while client(s) still connected Informational 1527: KRZ: F0: cpp_ha: Shutting down CPP CDM while client(s) still connected Error 1524: KRZ: F0: cpp_ha: CPP 0 microcode crashdump creation completed.
Conditions: A Cisco router running IOS XE and traffic passing through the NAT path.
Workaround: There is no workaround.
• CSCum57306
Symptom: SCB leak seen when the Refer Call with error condition is run under laod
Conditions: Refer Call flow which fails.
Workaround: There is no workaround.
• CSCum60848
Symptom: Under certain conditions, a DSP will hang in certain call scenarios including REFER passthrough.
Conditions: Under heavy load.
Workaround: There is no workaround.
• CSCum61595
Symptom: Alignment errors are observed after upgrading to Cisco IOS Release 15.2(4)M5.
Jan 9 19:42:59.623 GMT: %ALIGN-3-CORRECT: Alignment correction made at 0x6477F81Cz reading 0x6BE87495Jan 9 19:42:59.623 GMT: %ALIGN-3-TRACE: -Traceback= 0x6477F81Cz 0x647805D0z 0x6478FE70z 0x64751088z 0x64B99F4Cz 0x64B99FD4z 0x64752284z 0x647525ACz
Conditions: This symptom does not occur under specific conditions.
375Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCum66182
Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.
Conditions: While testing Ether-Like MIB for ASR1000-6TGE.
Workaround: There is no workaround.
• CSCum67150
Symptom: Ingress MAC Acct stops working after doing a no mac acc on egress.
Conditions: None.
Workaround: There is no workaround.
• CSCum68074
Symptom: many packets are dropped for NatIn2out cause
Conditions: PAT, interface overload.
Workaround: PAT pool overload.
• CSCum68287
Symptom: GM reloads unexpectedly when enabling V6-crypto map on an interface with VRF-aware GDOI configs on the latest XE3.12 throttle images
Conditions: Seen on all ASR platforms, with latest XE3.12 throttle base images
This is 100% reproducible and extremely service impacting. This happens only when you enable "ipv6 crypto map" which has a local GM deny ACL associated with it.
Enabling v4-crypto map is fine.
Workaround: Do not use the local GM ACL for IPV6 crypto map. This may not be a feasible workaround in the field.
• CSCum69887
Symptom: NAT cann't handle the tcp sequence properly with LDAP ALG after pdu size changed. NAT will not handle the delta value for the right ack message but thereafter messages, which may cause mis-acked message flows between two endpoints.
Conditions: Send LDAP traffic with empty comment item in LDAP ALG.
Workaround: There is no workaround.
• CSCum73167
Symptom: LDAP ALG will encode the packet even there is no need to translate them, this will not impact function, but it is not necessary.
Conditions: LDAP ALG will encode the packet even there is no need to translate them.
When high priority traffic (ip precedence 6,7) is sent, the counters against "Input Non-Priority" rows increment.
When low priority traffic (ip precedence 0,1,2,3,4,5) is sent, the counters against "Input Priority" rows increment.
Conditions: This can occur when using esp100.
376Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCum77922
Symptom: CUBE fails to perform 407 Error Message Passthrough if it receives a 100 Trying before the 407 Proxy Authentication Required and sends a 503 Service Unavailable to the UAC.
Conditions: ITSP sends a 100 Trying before the 407 Proxy Authentication Required.
Workaround: Receive the 407 Proxy Authentication Required as first response to an Invite.
• CSCum78930
Symptom: The ICMPv6 error packet (too-big packet) with icmpv6 echo reply as payload is dropped by ZBFW.
Conditions: If the intermediate hosts generate icmpv6 error packets with icmpv6 echo reply as
pay load without properly fragmenting the packets as per the mtu of the v6 packet
flow, such icmpv6 errors packets will be dropped.
Workaround: Adjust the mtu of the v6 pack flow so that packets, especially t he icmvp6 echo reply
does not generate an error (too-big message).
• CSCum80300
Symptom: ASR1k running XE3.10 may crash in RP on executing the CLI "show crypto session"
Conditions: More than 1000 crypto sessions and executing the cli "show crypto session".
Workaround: There is no workaround.
• CSCum81041
Symptom: One way audio incoming calls redirected through CVP.
Conditions: None.
Workaround: There is no workaround.
• CSCum81717
Symptom: 183 session progress is blocked by the sip gateway.
Conditions: 183 session Progress is received with SDP and Require:100 rel header and "block 183 sdp absent" is configured.
Workaround: There is no workaround.
• CSCum83957
Symptom: A router may crash due to a bus error when running "show sccp connections sessionid".
Conditions: This has been observed on a 3900e router running 15.3(2)T.
SCCP features are configured on router.
Workaround: There is no workaround.
• CSCum84999
Symptom: SUBSCRIBE received from CVP after BYE and NOTIFY with subscription-state : terminates is send by CUBE.
Conditions: when SUBSCRIBE IS recieved after call is terminated with BYE.
Workaround: There is no workaround.
• CSCum85381
377Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: CUBE drops Method Notify (OOB Notify DTMF) in SIP to SIP call flows, when 183 Session Progress without SDP is received just after 183 Session Progress with SDP.
For Example:
CUCM --> SIP --> CUBE ---> ITSP
When Cube receives 183 Session (with SDP) from ITSP, it sends out Method Notify back to CUCM.
ITSP sends another 183 Session (without SDP), at this point, CUBE strips out NOTIFY towards CUCM. This causes CUCM to disable DTMF on this call.
Conditions: These is no condition.
Workaround: Add method Notify manually on the first leg using a SIP Profile.
Conditions: Configure the MAC accounting for any direction.
Issue the corresponding "No CLI".
Although No Visible Impact to the operations of the system, a required cleanup
operation is not performed.
Workaround: There is no workaround.
• CSCum90650
Symptom: When REFER based transfer failed with 503 in NOTIFY , CUBE tried to bridge the call , but CUBE retransmit REFER again even though got 503 service error :
Conditions: REFER passthrough.
Workaround: Eefer consume.
• CSCum93356
Symptom: CUBE doesn't send mp4a-latm fmtp attributes in early dialog UPDATE.
Conditions: This issue is observed in DO-EO call with flow-around configured and the SDP negotiation happens in early dialog.
Workaround: If SDP is negotiated in confirmed dialog , then this issue is not seen.
• CSCum93484
Symptom: Cisco 7301 router running EzVPN leaks memory when Crypto IKMP calls AAA API's which allocates memory for AAA attribute list.
Conditions: This symptom is observed in device running EzVPN, when it tries to allocate memory for AAA attribute list.
Workaround: Reload the router.
• CSCum99077
Symptom: fman_rp process crash. RP card reload.
378Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: When routing loop occurs in network and caused massive routing information update, an internal logic error may be triggered.
Workaround: Avoid routing loop.
• CSCun00783
Symptom: channel group wil link id > 4 is not configurable.
Conditions: whiel configuring the vlan based load balance.
Workaround: Use only link id 1-4.
• CSCun04417
Symptom: GTP U packet forwarding capability is downgraded.
Conditions: 1 firewall session.
Workaround: There is no workaround.
• CSCun08855
Symptom: ASR router crash with iosd punting packet to port-channel with ERSPAN configured on the router.
Conditions: port-channel and ERSPAN configured on the router.
Workaround: There is no workaround.
• CSCun09640
Symptom: The following errors are seen when adding a child policy to a parent policy while configuring hierarchical QoS.
%CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_cp: cpp_cp encountered an error %CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_cp_svr has been helddown (rc 134)
This can result in a ESP (F Fabric) reload, causing a traffic outage
*Feb 13 07:39:05.829: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
Conditions:
– An interface with a service-policy applied.
– Adding/removing child policies on the parent hierarchical policy applied to the interface.
Workaround: Remove the policy from the interface before making the changes to the child/parent policy then reapply the policy to the parent.
• CSCun09753
Symptom: Ping failed with input errors when HDLC interf MTU set/removed.
Conditions: 1. set MTU (more than 2950) on HDLC interface , then remove MTU;
2. ping failed to peer HDLC interface.
Workaround: There is no workaround.
• CSCun10918
Symptom: PPP subscribers cannot be terminated in ASR1K, due to object locked.
Conditions: EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts
379Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
EVSI wrong dpidb type errors 0
EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well.
Workaround: remove QOS of the ppp.
• CSCun17558
Symptom: COS markings not seen properly on the dot1q interface.
Conditions: The issues are seen if fragment happened in data plane on the dot1q interface.
Workaround: There is no workaround.
• CSCun20274
Symptom: Standy RP source is not participating in clocking selection
Conditions: Stanby RP bits must be configured
Workaround: Remove and re-apply the stby-network-clk Source with different framing.
• CSCun20279
Symptom: At uRPF loose mode, the suppress drop counter on ASR1K will count packets even in case the packets are symmetric flow. ASR1K should not count symmetric flow packets as sdrop at uRPF loose mode.
Conditions: uRPF loose mode
Workaround: There is no workaround. This ddts does not have any service/traffic impact.
• CSCun20776
Symptom: An ASR router may display the following logs continuously:
Conditions: An ASR router running IOS XE with traffic flowing through it.
Workaround: There is no workaround.
• CSCun22771
Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.
Conditions: ASR1002-X running IOS XE in a NAT-HA B2B scenario
Workaround: There is no workaround.
• CSCun23803
Symptom: Cisco isr4451-X unable to program extensive ACL entries into the forwarding engine. This is a to add an easy command to see how much of the router's sotware TCAM is available to estimate ACL planning.
Conditions: This is seen when the ACL entries are very long and more common when port ranges are used.
Workaround: Reduce ACL entries.
• CSCun24943
380Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: After route processor (RP) switchover, ezPM does not operate on the newly active RP. Records are not exported.
Conditions: Stateful switchover (SSO) is configured. Switchover occurs.
Workaround: Re-apply the ezPM configuration or switchover to the original RP after it recovers from failure.
• CSCun24965
Symptom: On the ASR1000 series router hen configuring a QoS service policy using the service-fragment type, the shaping value is not correct.
Conditions: A QoS Service Policy is applied using the service-fragment keyword, the shaped value is not correct.
Workaround: There is no workaround.
• CSCun25912
Symptom: When using the Anyconnect autoreconnect feature on the ASR platform, configurations dynamically applied to the virtual-access interface might be lost over the reconnection.
Example, the interface after initial connection establishment would have a QOS service policy applied:
Conditions: This has been observed with configurations being applied from the user AAA profile over Radius authentication.
Affected parameters observed are QOS service policies and access-group.
Workaround: 1. Do not use the reconnect feature
2. Apply those configurations directly to the Virtual-Template (if this is an option).
• CSCun26943
Symptom: In an INTRA-box redundancy configuration, the STANDBY FP and ACTIVE FP may not be syncing dplane HA records robustly.
The easiest way for the customer to recognize if this *might* be happening is by examining the output of the
show platform hardware qfp active system intra and the show platform hardware qfp standby system intra CLIs.
If the output shows the counters " rx dropped" and/or "retx" continuously incrementing, then this problem may have been encountered.
Conditions: DUAL FP systems with stateful HA features such as NAT configured.
Workaround: There is no workaround.
• CSCun28965
381Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: show ip nat translation filter range [inside | outside] [local|glocal] <start-ip> <end-ip> was not filtering the output as per the range specified.Conditions: These is no condition.
Workaround: There is no workaround.
• CSCun30321
Symptom: Major alarm observed on ASR1001
Conditions: After upgrade to XE3.10.2.
Workaround: There is no workaround.
• CSCun32035
Symptom: Configured following features as part of IWAN performance testing for UTAH platform
1. AVC
2. PFR
3. QoS
4. Appnav + WAAS
5. DMVPN
6. Crypto.
Make sure DMVPN and MPLS tunnel are up and performance monitor, WAAS and crypto are enabled for these tunnels.
Router crashes with traffic profile.
Conditions: Traffic profile includes, voice + http + media traffic.
Crash is seen as soon the traffic is initialized at less than 15 % of load.
Workaround: There is no workaround.
• CSCun35149
Symptom: Enable performance monitor on local switching interface.
Conditions: Two interfaces are connected as local switching.
Workaround: There is no workaround.
• CSCun36785
Symptom: ASR1002X production router acting as WAN-Aggregator reloaded unexpectedly after pushing the AVC configuration from Cisco Prime infrastructure through SSH session.
The config push was successful onto the box, and the flow statistics were exported properly to the PI.
However after Half an hour, the router reloaded with CPP mcplo_ucode crash and fman_fp crash
The box is configured with IKEv2 DMVPN and basic NAT, along with BGP and EIGRP. We had around 4 static NHRP tunnels from different branch locations terminating onto this box. All traffic from the branches were encrypted, decrypted on this router and NAT was applied to the decrypted traffic before sending it out of the Port-channel interface towards production network.
Conditions: Seen on ASR1002X running CCO IOS-XE version 3.10.1
The Crash has occured only once. Currently AVC configs has been backed out and the router is stable. This is seriously affecting the AVC deployment on the network.
Workaround: There is no workaround.
• CSCun37698
Symptom: An ESP might crash
382Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: The device has NAT and WCCP configured. It looks like WCCP fails to setup the output interface correctly. This leads to NAT accessing a bad location in memory which causes a crash. The exact conditions are still being looked at.
Workaround: There is no workaround.
• CSCun44581
Symptom: FOs of CFT features might not be released in case the featrue has unregistered from CFT before the flow aged..
Conditions: Feature of CFT (Stile,FNF,FME,CENT..) that allocated FO in the flow and then un-registered from CFT (i.e feature has been disabled) while another feature is still registered to CFT, the FO of that feature won't be released.
Workaround: Stop traffic before disable the feature or reload.
• CSCun48994
Symptom: The CP process crashes while collapsing a hierarchy layer node that had once exceeded 4000 entries. The collapse occurs when the number entries falls below 4000.
Conditions: This problem occurs while collapsing a node that had once exceeded 400 entries. The problem is specific to MLPPP, MFR and GEC aggregate because these features require notification when a schedule ID changes. The schedule ID changes when a scheduling node is reconstructed. The issue hit when the operation involves both the flushing and SID notification.
Workaround: There is no workaround.
• CSCun49087
Symptom: ASR1002x crash.
Conditions: Duty cycle testing with a lot of negative events in DMVPN setup.
Workaround: There is no workaround.
• CSCun51932
Symptom: Incorrect internal and external Dialtone for CPTONE DE.
Conditions: Cptone DE is configured under FXS ports.
Workaround:
Router# test voice tone DE dialtone 1 425 0 -200 -200 -240 0 0 0 65535 0 0 0 0 0 0 0Router# test voice tone DE 2nd_dialtone 1 425 0 -200 -200 -240 0 0 0 200 300 200 300 200 800 0 0Router# shut the voice-portRouter# Unshut the voice port
• CSCun55310
Symptom: An ATM-port might show input-errors of type overrun.
Conditions: They get counted so, because they hit an on-demand AutoVC, where the nature of the packets (for example ILMI or BPDU) should not raise the VC.
Workaround: The concerning VC could be configured as permanent or the packets should be prevented on neighbor device as it is seen as unwanted or unexpected traffic.
• CSCun56044
Symptom: When there is a small network flap, ASR sends below traps to the Monitoring tool.
1. When the adjacency goes down;
383Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
13.2.2014 04:25:08.430 CISCO-SESS-BORDER-CTRLR-EVENT-MIB Enterprise specific=3 enterprises.cisco.ciscoMgmt.ciscoSessBorderCtrlrEventMIB 47 csbAlarmSubsystem=signaling csbAlarmSeverity=0 csbAlarmID=47 csbAlarmTime=Thu Feb 13 02:25:08 UTC 2014 csbSBCServiceName=lah1-sbc1 csbAdjacencyState=detached csbAdjacencyType=sip csbAdjacencyName=Savonvoima-Lync csbAlarmDescription=This alarm is generated when an adjacency is attached to or detached from the sbe.
2. When it comes back;
13.2.2014 04:28:38.126 CISCO-SESS-BORDER-CTRLR-EVENT-MIB Enterprise specific=3 enterprises.cisco.ciscoMgmt.ciscoSessBorderCtrlrEventMIB 48 csbAlarmSubsystem=signaling csbAlarmSeverity=cleared csbAlarmID=48 csbAlarmTime=Thu Feb 13 02:28:37 UTC 2014 csbSBCServiceName=lah1-sbc1 csbAdjacencyState=attached csbAdjacencyType=sip csbAdjacencyName=Savonvoima-Lync csbAlarmDescription=This alarm is generated when an adjacency is attached to or detached from the sbe.
3.13.2.2014 04:28:38.376 CISCO-SESS-BORDER-CTRLR-EVENT-MIB Enterprise specific=3 enterprises.cisco.ciscoMgmt.ciscoSessBorderCtrlrEventMIB 49 csbAlarmSubsystem=signaling csbAlarmSeverity=0 csbAlarmID=49 csbAlarmTime=Thu Feb 13 02:28:37 UTC 2014 csbSBCServiceName=lah1-sbc1 csbAdjacencyState=attached csbAdjacencyType=sip csbAdjacencyName=Savonvoima-Lync csbAlarmDescription=This alarm is generated when an adjacency is attached to or detached from the sbe.
Conditions: ASR Version: asr1000rp1-adventerprisek9.03.11.00.S.154-1.S-std.bin
"snmp-server enable traps sbc adj-status" is added in the ASR configuration.
Workaround: There is no workaround.
• CSCun58672
Symptom: VTCP not send tcp segments according adjustment mss.
Conditions: TCP sync with mss 1460 from interface B, and Interface A sent out sync with mss 1390
tcp segments (tcp payload 1390) come from interface A observed tcp segments with tcp payload 1460 sent out via interface B
Workaround: There is no workaround.
• CSCun69811
Symptom: Actually customer on active box would only like to "no activate" a single delegate registration entry below.
Conditions: Sessions are deactivated and the stand-by router crashes.
Workaround: "no activate" command must be executed at the "delegate-registration" sub section. This will prevent the deactivation of the sessions.
• CSCun73233
Symptom: No way audio (silence) issue is noticed on transcoded SIP-SIP calls on CUBE when supplementary services like Hold/Resume or Call Transfer is invoked. Issue is observed with both SCCP based transcoding and LTI (Local Transcoding Interface) based transcoding.
384Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
When using SCCP Based Transcoding, "show sccp connection" output looks as below during no-way audio issue (Mode - Inactive, rport - Empty, ripaddr - Empty, conn_id_tx - Empty)
CUBE-2#show sccp connections sess_id conn_id stype mode codec sport rport ripaddr conn_id_tx65545 36 xcode inactive g729 16414 0 :: 65545 40 xcode inactive g711a 16412 0 :: When using LTI based transcoding, "show dspfarm dsp active" shows no entry of the call during no-way audioCUBE-2#show dspfarm dsp active SLOT DSP VERSION STATUS CHNL USE TYPE RSC_ID BRIDGE_ID PKTS_TXED PKTS_RXEDTotal number of DSPFARM DSP channel(s) 0
Conditions: IOS Release 15.3(3)M
Issue happens only under following condition.
1.When "midcall-signaling passthru media-change" is configured on CUBE
2.There is change in codec in one of the call leg after invoking supplementary services like Hold/Resume or Transfer
2.Use same codec through-out the call (Avoid change in codec behavior by controlling supported codec list)
• CSCun78318
Symptom: ACLs applied to the mgmte do not work on the new active RP after a RP switch over.
Conditions: After a RP switch over as the old standby RP becomes the new active RP.
Workaround: Remove then reapply the ACLs to the mgmte on the new active RP.
• CSCun83231
Symptom: After sub package ISSU operation is performed, ELC does not come up and following error messages are seen.
*Mar 19 23:10:10.607 PDT: %PMAN-0-PROCFAILCRIT: SIP1: pvp.sh: A critical process mcpcc_lc_ms has failed (rc 127)*Mar 19 23:10:10.865 PDT: %PMAN-5-EXITACTION: SIP1: pvp.sh: Process manager is exiting: critical process fault, mcpcc_lc_ms, cc_1_0, rc=127
Conditions: Issue is specific to ELC.
Issue is specific to sub package upgrade.
Issue is seen across all releases that support ELC.
ELC means ASR1000 Ethernet Line Cards - These are: ASR1000-2T+20X1GE and ASR1000-6TGE line cards.
Workaround: Consolidated upgrade can be performed.
• CSCun84368
Symptom: Netflow cache entry is not created for IPV6 flows and entries for IPv4 entries is not accurate . For IPv4 entries the BGP next hop is not updated and set to 0.0.0.0
Conditions: Upon Execution of RP switchover.
385Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: After RP switch-over, remove BGP configuration from Core router ("P") , and conifgure it back updaon BGP update on PE router, the BGP - NH will appear in FNF records.
• CSCun87352
Symptom: The ESP module in an ASR1000-series router may reload unexpectedly. In systems with an integrated ESP, such as the ASR1001 and ASR1002-X, this may result in a reload of the entire chassis.
Conditions: This has been observed on an ASR1001 running 15.3(3)S2 (IOS-XE 3.10.2S).
Flexible NetFlow is enabled.
Exact conditions currently unknown.
Workaround: Disabling Flexible NetFlow may prevent the crash.
• CSCun87685
Symptom: ASR1006/15.4(1)S crashed while adding port and host specific deny statements on specifc lines for the WCCP-Redirect ACL.
Conditions: Adding port and host specific deny statements on specifc lines for the WCCP-Redirect ACL.
Workaround: There is no workaround.
• CSCun89036
Symptom: Traceback when IPV6 traffic is transiting through ATM sub-interface
Conditions: Configuration of "atm route-bridged ipv6" configured at ATM sub-interface level.
Workaround: There is no workaround.
• CSCun91199
Symptom: NAT ALG not translating in case of multiple sip address in SDP.
Conditions: sip invite message containing oline and cline with different addresses and both need translationdynamic nat with acl configured.
Workaround: Simplify the ACL associated with NAT mapping configuration.
• CSCun92171
Symptom: CUBE's media anti-trombone feature does not work correctly when combined with the pass-thru content sdp feature. When the two features are enabled CUBE will return the wrong SDP on one call leg and does not properly switch from media flow-through to media flow-around.
Conditions: This was seen on 15.4(1)T with both media anti-trombone and pass-thru content sdp enabled.
Workaround: There is no workaround.
• CSCun96969
Symptom: During regular operations, a Cisco router running Cisco IOS release 12.4(24)T and possibly other releases experiences a crash. The crash info will report the following:
%SYS-2-FREEFREE: Attempted to free unassigned memory at 4A001C2C, alloc 4180794C, dealloc 417616B0,
%SYS-6-BLKINFO: Attempt to free a block that is in use blk 4A001BFC, words 134, alloc 4180794C, Free, dealloc 417616B0, rfcnt 0.
Conditions: These is no condition.
Workaround: There is no workaround.
386Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
• CSCtz97771
Symptom: The ASR1002 running IOS_XE 3.7.0 (15.2(4)S) crashed after a configuration change inf FNF.
%FMANRP_NETFLOW-3-INVALIDFLOWDEFCPP: CPP Flow definition can not be created 1Mar 19 12:18:33 lns3 1596693: -Traceback= 1#fcbfdf6899eea283341cebf8c5320ad1 :10000000+6FBFE8 :10000000+6FC394 :10000000+5B9F54C fnf_config:9DB4000+1B270 fman_rp:ED4B000+1D0764 fman_rp:ED4B000+1D0954 :10000000+3326E78 :10000000+330110CMar 19 12:18:33 lns3 1596694: Mar 19 12:18:32.268: %FMANRP_NETFLOW-3-INVALIDFLOWDEFCPP: CPP Flow definition can not be created 1Mar 19 12:18:33 lns3 1596695: -Traceback= 1#fcbfdf6899eea283341cebf8c5320ad1 :10000000+6FBFE8 :10000000+6FC394 :10000000+5B9F54C fnf_config:9DB4000+1B270 fman_rp:ED4B000+1D0764 fman_rp:ED4B000+1D0954 :10000000+3326E78 :10000000+330110CMar 19 12:18:38 lns3 1596696: Mar 19 12:18:35.546: %IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0Mar 19 12:18:38 lns3 1596697: Mar 19 12:18:35.561: %ASR1000_RP_ALARM-6-INFO: ASSERT MAJOR module F0 Unknown stateMar 19 12:18:38 lns3 1596698: Mar 19 12:18:35.561: %ASR1000_RP_ALARM-6-INFO: ASSERT CRITICAL module R0 No Working ESPMar 19 12:18:47 lns3 1596699: Mar 19 12:18:46.919: %SYS-5-CONFIG_I: Configured from console by icuk on vty0 (46.33.130.1)Mar 19 12:19:50 lns3 1596700: Mar 19 12:19:49.743:
Conditions: An FNF record that includes one of the following key/non-key fields configured along with an extracted field will trigger the trace back.
one or more fields derived from the below:
match/collect routing source/destination [peer] as [4-octet]
along with an extracted field such as :
collect application http host
Example:
flow record test-rec match routing source as 4-octet collect application http hostflow monitor test-mon record test-rec
Workaround: There is no workaround.
• CSCun97294
Symptom: Core dump won't be generated after kernel crash in x86_64 platforms.
Conditions: Kernel crash.
Workaround: There is no workaround.
• CSCun97760
Symptom: ASR running 15.2(4)S4 saw ESP crash due to corrupted H323 packet.
Conditions: ASR running 15.2(4)S4 saw ESP crash due to corrupted H323 packet.
Workaround: If customer don't need h.323 alg, a workaround is to disable h.323 alg:
no ip nat service h225.
• CSCun97966
387Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: txnpMaxMtuExceeded message seen when packets sent to crypto.
Conditions: When nated packet is sent to crypto, txnpMaxMtuExceeded is seen for some packets. Applicable only asr1k-2x, ESP100 and ESP200.
Workaround: There is no workaround.
• CSCuo02270
Symptom: Issues with source VLAN numbers while using with ERSPAN.
Conditions: VLAN greater than 1005 were not displayed in the running config. There is no service impact.
Workaround: There is no workaround.
• CSCuo02558
Symptom: Crash in cpp_cp_svr when executing 'show platform packet-trace packet all'.
Conditions: Crash can only occur when executing 'show platform packet-trace packet all'.
Workaround: Display a single packet at a time using 'show platform packet-trace packet <num>' instead of using 'all'.
• CSCuo02894
Symptom: Packet-trace statistics sometimes appear to report out-of-sync counts.
Conditions: Using packet-trace in IOS-XE3.11.
Workaround: There is no workaround.
• CSCuo09341
Symptom: ESP crashed.
Conditions: ESP crash observed while running 3.11.1
Workaround: There is no workaround.
• CSCuo09390
Symptom: ASR1K crash on netflow configuration change.
Conditions: When all current CVLA client features are unconfigured and registration happens from beginning for a new client, allocating initial chunk memory fails.
Workaround: Do not unconfigure every existing CVLA feature at once. Leave atleast one feature configured so that when a new feature is configured, CVLA does not have to allocate the initial chunk memory again. Leaving out atleast one CVLA feature configured will avoid the crash.
• CSCuo17719
Symptom: An ESP crash is seen with IPv6 ping to or from an interface configured with IPSec and FNF.
Conditions: The crash is seen when the size of the IPv6 ping is greater than the interface IPv6 MTU.
Workaround: There is no known workaround. However, this is not a common scenario for IPv6 as fragmentation is almost always handled by the sending host/application.
• CSCuo19730
Symptom: Cisco IOS XE includes a version of OpenSSL that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) ID CVE-2014-0160.
This bug has been opened to address the potential impact on this product.
388Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: Cisco IOS XE devices running release 3.11.0S, 3.11.1S or 3.12.0S and with the WebUI interface over HTTPs enabled. No other versions of Cisco IOS XE are affected.
Devices with the WebUI interface enabled and using HTTPs as transport protocol will include the following configuration:
transport-map type persistent webui http-webui secure-serverip http secure-servertransport type persistent webui input http-webui
Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S but WITHOUT the WebUI interface enabled, or with the WebUI interface enabled but NOT using HTTPs as transport protocol are NOT AFFECTED by this vulnerability.
Devices running IOS XE release 3.11.0S, 3.11.1S or 3.12.0S and with the HTTPs server enabled (by including in their configuration the line "ip http secure-server") are NOT affected. Both the HTTPs server and the WebUI interface need to be enabled for a device to be vulnerable.
Workaround: There is no workaround.
• CSCuo20090
Symptom: The saved ACLs applied to the mgmte from startup-config may not work after system reload.
Conditions: After system reload.
Workaround: Remove then reapply the ACLs to the mgmte after system reload.
• CSCuo27542
Symptom: ASR router crashes when using local static hosts for GTP APN dns resolving.
Conditions: Local hosts statically configured in router.
Workaround: Use external DNS server.
• CSCuo29770
Symptom: ESP fails to initialize and reboots. A message like the following will be seen on the IOS console:
The cpp_driver tracelog contains an entry which lists an A41C error code, indicating that the driver was unable to turn on termination. Here is an example:
01/01 16:22:35.120 [cpp-drv]: (ERR): COMP0053/dui/A41C: QFP0.0 - unable to turn on termination for DUI0
This is an intermittent failure, so the ESP will likely initialize successfully on the 2nd or 3rd attempt. This is an initialization issue, and once initialization completes successfully there are no further problems related to this condition.
Conditions: Only ASR1002-x, ESP100 and ESP200 are affected. Router configuration or traffic pattern do not affect this problem. The software is fixed in XE3.10.4S, XE3.11.2S, XE3.12.0S and later releases.
Workaround: There is no workaround.
• CSCuo30472
389Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: On ASR1K configured to do PBR with over 3000 lines of ACL entries , after a change on the match ACE, it stops working.
Conditions: ASR 1000 RP1 configured with over 3000 ACEs.
Workaround: There is no workaround.
• CSCuo38164
Symptom: Traceback and log error noticed
Conditions: While initiating H323 call with SBC feature.
Workaround: There is no workaround.
• CSCuo41590
Symptom: There are compatibility issues between certain IOS-XE versions and SM-ES3X. With some combinations of SM-ES3X firmware and some releases of IOS-XE, the SM-ES3X will not boot.
With the unsupported combinations, the SM-ES3X will not boot. An error
?*May 7 19:44:32.785: %SPA-3-MSG_PARSE_FAILURE:iomd: Failed to parse incoming message from SM-ES3X-24-P slot 2 subslot 0 board 0. The module software may require an update?
will be displayed on the IOS-XE console and the SM-ES3X will go into 'out of service' state as shown in the 'show platform' command.
router#show platChassis type: ISR4451-X/K9Slot Type State Insert time (ago) --------- ------------------- --------------------- ----------------- 0 ISR4451-X/K9 ok 00:16:02 0/0 ISR4451-X-4x1GE ok 00:13:52 1 ISR4451-X/K9 ok 00:16:02 1/0 SM-X-1T3/E3 ok 00:12:29 2 ISR4451-X/K9 ok 00:16:02 2/0 SM-ES3X-24-P out of service 00:07:54 R0 ISR4451-X/K9 ok, active 00:16:02 F0 ISR4451-X/K9 ok, active 00:16:02 P0 Unknown ps, fail never P1 XXX-XXXX-XX ok 00:15:32 P2 ACS-4450-FANASSY ok 00:15:32
Conditions: Versions of SM-ES3X modules is incompatible with some earlier versions of IOS-XE. SM-ES3x version EJ1 is only compatible with the following major release versions of IOS-XE, or later.
15.3(3)S4 (XE 3.10.4)
15.4(1)S3 (XE 3.11.3)
15.4(2)S (XE3.12.1)
Workaround: Ensure that a compatible combination of SM-ES3X and IOS-XE images are used. Upgrade/downgrade one or the other to get to a compatible pair.
• CSCuo47620
Symptom: Memory is leaked during session tear down. The following error message is logged to the console after the address space limit is exceeded.
on standby-ESP:
%CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit
390Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: When a policy with conditional policing enabled is removed, the traffic manager leaks 16 bytes of resource DRAM per target. The leak increases exponentially when tearing down more than 20000 PPP sessions. Though the system may still be operation, the control plane performance becomes severely degraded causing subsequent configuration processing to become very slow.
Workaround: There is no workaround.
• CSCuo55508
Symptom: A cpp-ucode crash is encountered.
Conditions: Using packet-trace to trace packets in a feature environment where packets are replicated using egress conditions.
Symptom: When remove OSPF from OTV setting, saw CPP-uCode crash.
Conditions: These is no condition.
Workaround: There is no workaround.
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S.
• CSCtd29571
Symptom: Fix warning message for the maximum MAC address filter supported
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCtt21586
Symptom: Kingpin "cc" bandwidth maxed out at 10G
Conditions: None.
Workaround: There is no workaround.
• CSCtw74124
Symptom: For a slot housing the Cisco ASR1000-SIP40, or on a Cisco ASR1002-X, the output of the show platform hardware slot <slot#> plim buffer settings detail command always shows the value of Max always as “0“ in the "Fill Status Curr/Max" filed, even when the Rx buffers have been utilized.
Conditions: When the SPA Aggregation ASIC has been flow controlled by the Network Processing Unit, the buffers inside the SPA Aggregation ASIC will start filling up.
Workaround: There is no workaround.
• CSCtx72973
391Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: Config-sync failiure is seen when unconfiguring the crypto gdoi group.
Conditions: Seen on HA setup.
Workaround: There is no workaround.
• CSCtz50465
Symptom: ISSU between incompatible images goes through.
Conditions: This happens for images between ISSU-break.
Workaround: There is no workaround.
• CSCua48282
Symptom: On ASR1K router, randomly observe the following error during ISSU MDR runversion, the error does not have funcationality impact.
*Jun 13 18:21:04.001 PDT: %CMCC-3-PLIM_STATUS: SIP2: cmcc: A PLIM driver informational error txnpMaxMTUExceeded, block 1e count 1
Conditions: None.
Workaround: There is no workaround.
• CSCua55528
Symptom: %SYS-3-CPUHOG Errors, and Trace backs seen while performing config replace
Conditions: Configurations are done on both ELC ports and 1 GIGE ports.
Workaround: There is no workaround.
• CSCua62284
Symptom: Can not synchronize SPI4 bus and PLIM error.
Conditions: None.
Workaround: There is no workaround.
• CSCub42703
Symptom: video_SDP_Passthru call are failing Bandwidth based on CAC.
Conditions: None.
Workaround: There is no workaround.
• CSCub71548
Symptom: On ANCP session, when DSLAM sends TCP-FIN, then ASR1K replies with TCP-ACK but does NOT send its own TCP-FIN. Or sometimes ASR1K replies, but with a delayed TCP-FIN.
Instead of graceful closure ANCP closed the connection later due to Keepalives Misssed.
Conditions: ANCP session established to DSLAM, and DSLAM terminates the TCP session with TCP-FIN.
Workaround: There is no workaround.
• CSCub87409
Symptom: Memory leak in oom.sh process RP and FP.
Conditions: None.
Workaround: There is no workaround.
• CSCuc82799
Symptom: MDR:A PLIM driver has critical error TXPA1 - txmcFifoEopMapUbe
392Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: None.
Workaround: There is no workaround.
• CSCuc91397
Symptom: When measuring No Drop Rate (NDR) with FNF configured on either a ESP100 or ESP200 can appear to be lower than expected particularly when compared with other ESP
forwarding cards. However, some of this is misleading as the method of computing NDR makes no distinction between startup effects and steady state peformance. Once traffic is flowing the steady state throughput is in line with what would be expected. Additionally, decreased export performance is seen, more significant in ESP200 then ESP100.
Conditions: Configuring FNF on ESP100 or ESP200 forwarding cards. If NDR script is run such that early drops (before system has reached steady state) are taken into account by the NDR
search then a misleading low NDR will be reported.
Workaround: Start traffic first before measuring NDR so that startup effects are avoided.
• CSCue61643
Symptom: When the encapsulation on pvc is aal5mux.
Conditions: Ping fails when encapsulation on pvc is aal5mux.
Workaround: Configure a different encapsulation aal2snap and make it default.
• CSCue76929
Symptom: enhance crypto-engine packet drop cause.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCue91054
Symptom: ESP crashed when sending IPv6-fragmented traffic through DMVPN hub (MGRE tunnel).
Conditions: This condition occurs when sending big IPv6 packets (need to do IPv6 fragmenation after adding tunnel header) traffic through DMVPN hub. Large amout of IPv6 fragment traffic, for example, 5G on ESP20, which exceeds re-assembly performance number that is less than 2G.
Workaround: Change MTU to avoid IPv6 fragmentation.
• CSCue92637
Symptom: Review comments for CSCue17512/CSCue93536 (Phy Interrupt Handler)
Conditions: None.
Workaround: There is no workaround.
• CSCuf14884
Symptom: dummy packet generation per SA does not follow configured interval.
Conditions: While performing an active RP failure during ASR1006 subpackage MDR upgrade
Workaround: There is no workaround.
393Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
• CSCuf73907
Symptom: asr1k:elc:wrong display for EVC in "sh bd" for Ten Gig links of ELC
Conditions: None.
Workaround: There is no workaround.
• CSCuf82128
Symptom: ASR-CUBE: Crash observed with DSMP.
Conditions: Load scenario issue is observed.
Workaround: There is no workaround.
• CSCug19588
Symptom: IKEv2 TPS performance degradation over time.
Conditions:This occurs in the lab under extreme test conditions with traffic running during session bring-up.
Workaround: Reduce traffic and or reduce session bring-up rate.
• CSCug42906
Symptom: eXpresso support for BelAir
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCug47592
Symptom: PLIM Driver Error Messages observe while booting.
Conditions: On ASR1002-X router during booting.
Workaround: There is no workaround.
• CSCug58572
Symptom: DM Funcunality collapsed for camaro devices.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCug60382
Symptom: NTE payload type is renegotiated as asymmetric which some device cannot support.
Conditions: Mid call late invite to trigger renegotiated and the answer in SDP from initiator has different nte payload type as nte payload from offer 200(invite) in other side.
Workaround: Remove nte payload in ACK using lua script.
• CSCuh11621
Symptom: Nightster: Shut/No-Shut on Nightster bay0/1 causes PLIM driver Errors
Conditions: None.
Workaround: There is no workaround.
• CSCuh23721
Symptom: %SNMP-3-DVR_DUP_REGN_ERR tracebacks seen on any-to-any oir, replaced 8CE1T1 (with max channels) with 1CE1T1 and on configuring max (31) channel-groups on 1CE1T1during any-to-any oir.
Conditions: Seen on any-to-any oir configured with max channels.
394Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCuh29125
Symptom: in meetme confernece calls, the call-id/tag modification for NOTIFY work for pre-INVITE NOTIFY, but it seems does not work pre-BYE NOTIFY
Conditions: There is no known condition.
Workaround: There is no workaround.
• CSCuh55816
Symptom: Ensure that all ios-xe image contain the CW_ strings during loadbuild
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuh62666
Symptom: All packets punt to RP for GEC interface.
Conditions: Config and remove ethertype for GEC interface.
Workaround: There is no workaround.
• CSCuh95602
Symptom: Self bound traffic dropped by firewall.
Conditions: NAT64 is configured and traffic is sent from IPv6 client (in) to IPv4 egress interface of UUT (self).
Workaround: There is no workaround.
• CSCui09671
Symptom: GEC: recycle bundle can't keep up on Yoda platforms
Conditions: None.
Workaround: There is no workaround.
• CSCui20319
Symptom: Pending issues/ack is observed on ESP
Conditions: Must meet all following conditions:
1. When port-channel vlan loadbalacing mode is enabled on Port-channel EVC with large scale of EFPs on one port-channel (8000 in this case)
2. EFPs on Port-channel are assigned to different links.
3. When the efps and port-channel are remove using one command "no int port-channel x"
4. Then the scale config and link assignment are added back by copying back the scale config
Workaround: Separate EFP removal and port-channel link removal (remove efps, the remove int port-channel) separate EFP config and port-channel link config (add EFP first, then add links to port-channel).
• CSCui43325
Symptom: Traffic blackhole for v6 SSM groups after flapping bgp loopback interface on the egress PE
Conditions: This condition is observed during BGP loopback interface flap
Workaround: Unconfigure-reconfigure the mdt default command under the v6 address-family for the vrf
395Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
• CSCui45088
Symptom: While changes the ip address configuration on Management interface we are seeing link flap from link down to link up.
Conditions: Management interface should be in up state.
Workaround: There is no workaround.
• CSCui57016
Symptom: Deactivating container takes long time due to symbolic link.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCui64579
Symptom: ping failed with packet size over 10184.
Conditions: MPLS mtu max enabled for MPLSomGRE tunnel
Workaround: Disable MPLS mtu max.
• CSCui96224
Symptom: show crypto ipsec interface <interface-name> platform is listing the output of show platform software ipsec fp active interface all instead of selecting the right interface ID
Conditions: Using the new platform command.
Workaround: There is no workaround.
• CSCuj19293
Symptom: Bindings are present after inconfiguring Static NAT mappings
Conditions: This symptom is observed when static NAT is mapped with route-map
Workaround: There are no workaround.
• CSCuj23729
Symptom: "uc wsapi" cannot be configured on S train platforms (juno)
Conditions: None.
Workaround: There is no workaround.
• CSCuj25221
Symptom: CPP process crash during a change in the loopback ip address used as a DNS NAT source.
Conditions: Change in the ip address.
Workaround: There is no workaround.
• CSCuj36793
Symptom: Commit of CSCud71821 is causing a problem during MDR; the reload causes the cc to go offline and a rommon status of bad_rommon is shown.
Conditions: None.
Workaround: There is no workaround.
• CSCuj38420
Symptom: No alias interface for dynamic NAT.
Conditions: Overload configured for dynamic NAT.
396Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: remove Overload.
• CSCuj44771
Symptom: Queue_depth value incorrect with FRR Scaling
Conditions: Queue_depth values are not getting back to the original value(0) while shuting the interface
Symptom: In the lisp getVpn solution test, when the getvpn profile is applied in physical interface in the data path flow (such as interface between GM1 to core), the traffic got dropped with qfp error of "IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP" when the getvpn profile is applied to the LISP0 interface, Encrypted traffic flows in the LISP setup properly
Conditions: getvpn profile is applied to the physical interface instead of lisp interface.
Workaround: Apply getvpn profile in lisp interface.
• CSCuj55984
Symptom: GetVPN crypto gdoi re-reg fails
Conditions: When active traffic and when the WAN intf flaps
Workaround: Issue "clear crypto gdoi" on UUT.
• CSCuj56749
Symptom: SPA FPD Recovery Upgrade failure for SPA-4XT-SERIAL
Conditions: None.
Workaround: There is no workaround.
• CSCuj73916
Symptom: Traceback seen.
Conditions: while running ISAKMP D10 suite during codenomicon testing.
Workaround: There is no workaround.
• CSCuj76325
Symptom: Build issues occurs in CEL 5.5, as config.sh the older java compliler.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuj79520
Symptom: Increased use of global addresess over time while running PAP.
Conditions: NAT PAP enabled along with vrf on outside interfaces.
Workaround: If global address pool becomes deleted, it may become necessary to clear ip nat translations or reload the CPP.
• CSCuj82418
397Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: CUBE-SP data plane forwording capacity drops.
Conditions: NNI performance test.
Workaround: There is no workaround.
• CSCuj82421
Symptom: the board will not be shutdown expectedly
Conditions: configure "facility-alarm critical exceed-action shutdown". A sensor in remote FRU exceeded the shutdown temp.
Workaround: shutdown the remote board manually.
• CSCuj83079
Symptom: AVC performance results are not stable.
The deviation can be up to 13%.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuj84220
Symptom: Nightster: 10GE Eval license does not transition into In-Use status.
Conditions: None.
Workaround: There is no workaround.
• CSCuj89036
Symptom: IOSd crashes following an OIR of an eToken.
Conditions: OIR activity on either USB port of a single eToken.
Workaround: Do not OIR an eToken.
• CSCuj92874
Symptom: Matching ms-office-web-apps traffic under it's attributes doesn't work.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuj93637
Symptom: NBAR stop to work after reload with getvpn configuration.
Conditions: This symptom is observed when SSO is configure on the box.
Workaround: Remove the crypto map from the interface and attach it again.
• CSCul01335
Symptom: FP may crash
Conditions: This symptom is observed on changing pap limit from 30 to 60 with traffic on
Workaround: There is no workaround.
• CSCul01776
Symptom: Oracle-sqlnet signature may be to broad and needs some adjustment. Current implementation may cause some degradation in performance but has no impact on classification.
Conditions: Relevant where protocol discovery (or oracle-sqlnet QOS) is applied.
Workaround: There is no workaround.
398Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
• CSCul03480
Symptom: mcp_dev: Need to fix name of epoch file or change the tdlresolve.sh.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul10111
Symptom: Loopback Led is not changing to Amber in Javelin T3E3 spa in Encap PPP.
Conditions: None.
Workaround: There is no workaround.
• CSCul12632
Symptom: SPA-8XCHT1/E1: show version doesn't show serial i/f info sometimes.
Conditions: None.
Workaround: There is no workaround.
• CSCul16548
Symptom: The 'show crypto ipsec sa peer <address> platform command may be incorrect for ESP 200 on ASR1K.
Conditions: The crypto context information will be incorrect for all the IPSec SAs programmed on crypto device 1 on an ESP 200.
Workaround: Use the 'show platform software ipsec fp active encryption-processor 1 context <context id>' command manually to get the crypto context information.
• CSCul17693
Symptom: On the ASR1000 platform family, CISCO-ENHANCED-MEMPOOL-MIB & CISCO-MEMORY-POOL-MIB show lsmpi_io pool with little free memory. As a result, various SNMP management software applications may generate an error/notification.
Conditions: This condition is shown from the moment the router boots up.
The lsmpi_io pool is used on the Route Processor of all ASR1000 routers. Unlike other IOS versions IOSd on the ASR is a process running on IOS XE. IOSd has a single logical interface which communicates to IOS XE. This interface is called the Linux Shared Memory Punt Interface (LSMPI). When the ASR1000 boots the lsmpi_io pool is created and nearly all of the memory is allocated up front by design. Therefore, the little free memory shown in the MIBs is by design and does not indicate an error condition.
The LSMPI interface is described further in this document:
http://tools.cisco.com/squish/b64AB
Workaround: There is no workaround for the lsmpi_io pool having little free memory. If some other piece of software is generating alarms for this reason the management software needs to be adjusted.
• CSCul24025
Symptom: ASR1K crash @__be_slaComponentProcessEvent when unconfigure ip sla udp-jitter.
Conditions: configure 4000 CPP timestamp IP SLA udp-jitter and then unconfig all.
Workaround: There is no workaround.
• CSCul27478
Symptom: Time sync problem between QFP and IOS.
399Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
This out of sync appears at some platforms and causes complete breakage of punt performance monitors.
Conditions: asr1002 RP1 ESP5 and asr1004 RP2 ESP20 after system reload
Workaround: ntp server configuration is must.
delay after reload was done for a system 5-40 mins.
Two inside global addresses for the same inside local address.
Sufficient pool to handle one-to-one translations.
Conditions: IPv4 nat - ip nat inside source route-map <route-map> pool <pool> reversible
SIP traffic.
Workaround: There is no workaround.
• CSCul90950
Symptom: re-commit the image file csr_mgmt_rel.tgz to mcp_dev.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul93069
Symptom: Multiple Tracebacks are seen.
Conditions: no ip arp inspection.
Workaround: There is no workaround.
• CSCul97900
Symptom: IPSUB EVSI Create Error counter is incremented post churn test.
Conditions: None.
Workaround: There is no workaround.
• CSCum03117
Symptom: Verify traffic not flood to fwd vfi when efp and vfi in same BD.
Conditions: traffic flood is wrong with same BD
Workaround: There is no workaround.
• CSCum03368
Symptom: Multiple Tracebacks are seen.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum03368
Symptom: CSR1000V crash upon applying policy-map.
Conditions: Normal testing condition.
Workaround: There is no workaround.
402Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
• CSCum09359
Symptom: Few sessions remain stuck in "ack-wait" state after overnight churn test.
Conditions: None.
Workaround: There is no workaround.
• CSCum12453
Symptom: ASR1K: Prowler SPA: Tail drop of imix traffic and ESP crash.
Conditions: None
Workaround: There is no workaround.
• CSCum25373
Symptom: Traceback is seen
Conditions: MSRPC regression test (mcp_alg_msrpc.tcl) is run.
Workaround: There is no workaround.
• CSCum52407
Symptom: $$IGNORE Code changes made to run on non-secureboot ARGUS do not work on Secureboot P2 cards.
Conditions: $$IGNORE modify existing rommon so that same code can be compiled to run on both SB and non-SB cards through a compile-time switch.
Workaround: There is no workaround.
• CSCum68577
Symptom: UCSE sub-interface configuration not available.
Conditions:
Router# conf tEnter configuration commands, one per line. End with CNTL/Z.4451-2013(config)#int ucse 1/0/0.1% Invalid input detected at '^' marker.4451-2013(config)#int ucse 1/0/1.1% Invalid input detected at '^' marker.4451-2013(config)#4451-2013(config)#end4451-2013#4451-2013#
Workaround: There is no workaround.
• CSCum68727
Symptom: Ulord: Utah & CSR hal_state_reset() called multiple times per packet
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum73773
Symptom: QFP crash
Conditions: remove ip nat setting mode and run "sh pl hard qfp ac statistics drop".
Workaround: There is no workaround.
• CSCum78764
Symptom: MTP dependent fix.
403Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum82701
Symptom: MPE max llength filter.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum89375
Symptom: Kingpin: no kernel core on Watchdog.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum91756
Symptom: Ultra: DOD part II performance improvements for 1/2/4vCPU.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum92033
Symptom: 3.13 nbar version needs update.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum94365
Symptom: 2KP:%IOSXE-3-PLATFORM: R0/0: kernel: bullseye_i2c_ Error seen on mcp_dev.
Conditions: None.
Workaround: There is no workaround.
• CSCum99115
Symptom: ELine:Def Encap-Access intf connect to PE goes downon shut service Inst.
Conditions: None.
Workaround: There is no workaround.
• CSCun01920
Symptom: When configured as VTEP [virtual tunnel end point] -Router stops processing any data. It even fails to establish the OSPF neighbor relationship post the reload.
Conditions: When configured as VTEP [virtual tunnel end point] -Traffic stops on all Ports of the Ethernet Linecard after sometime. The problem also happens with packets going out of the ELC Ports having Multicast MAC address as destination MAC in the Ethernet header.
Workaround: The problem occurs only with ASR1000-6TGE/ASR1000-2T+20X1GE if any of the 1G/10G ports have egress Multicast MAC traffic.
• CSCun09973
Symptom: esp reloaded when received incorrect l2tp packet.
Conditions: l2tp packet with incorrect udp length.
Workaround: enable the checksum ignore.
• CSCun15169
404Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Symptom: Tracebacks seen after router reload in scaled PPPoE Environment.
Conditions: None.
Workaround: There is no workaround.
• CSCun30311
Symptom: 'show platform software status control-processor brief' on ASR1K inserted with ASR1000-6TGE & ASR1000-2T+20X1GE will show the card status as unknown.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun31122
Symptom: Tracebacks are seen on a debug disable when conditions are set for ATM customers using PPPoE.
Conditions: When using debug conditions together with PPPoE debugs on undebug all the Tracebacks are thrown.
Workaround: Currently no workaorund present since also no visible service impact.
• CSCun32287
Symptom: The maximum number of ifHCInOctets is 2^64-1 but this counter can decrease before reaching the maximum number.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun39803
Symptom: Intermittent connectivity loss between hosts at different OTV sites. Pinging from one host to the other more than 8 times restores connectivity for about 8-10 minutes. Packet captures show ARP request broadcasts from a host at one site not being received by the host at the other site for about 7-8s, and then suddenly starting to work.
This problem has a tendency to get worse over time, with more and more hosts being affected over the course of a week or two until connectivity between sites is essentially gone
Conditions: ASR1K running 15.4 or 15.3 code, possibly earlier code, with OTV configured.
Workaround: None on the ASR thus far. Statically configuring ARP entries on the hosts will work.
• CSCun41391
Symptom: FP crash after the IOS-XE upgrade to 3.11.0S
Conditions: ASR1k router running 3.11.0S
Workaround: There is no workaround.
• CSCun48024
Symptom: SPA in one of the sub-slots of SIP remain in "inserted state" even after the removal and re-insertion. Also the "insert time" does not get reseted even after removal and re-insertion.
Conditions: The problem is seen when there is rapid insert and removal of SPA in a slot on ASR1000. The image in which problem seen is 15.1(3)S ( XE34) release. The problem is not seen in 15.2(4)S XE37 release.
Workaround: Reload of entire router.
• CSCun52653
Symptom: RP2:"cpp_cp_svr" core seen on XE311
405Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun56801
Symptom: Customer is trying to configure a new router with a 3g hwic integrated. When using command show cell 0 all , message error modem no present, but show inventory found modem PID is 819-3g-v.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun57777
Symptom: Broadcast Packets are droped after adding EVC config to ASR1002. The issue happens on and before 03.09.02. The issue doesn't happen on and after 03.10.00.
After adding evc config, broadcast packets are droped, L2BDReplicationStart is counted, and replication tree information disappears.
Conditions: on and before 03.09.02.
Workaround: To execute 'no shutdown' under service instance before configuration change.
• CSCun59468
Symptom: CSR1000v MinTu Drops for 1501 through 1505 Byte Packets.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun59544
Symptom: ASR1k stops processing new PPPoE sessions, IPoE ISG sessions are not affected.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun61454
Symptom: entPhysicalFirwareRev and entPhysicalHardwareRev is not correct for ASR1000-6TGE/ASR1000-2T+20X1GE.
Conditions: When ENTITY-MIB is queried through SNMP.
Workaround: There is no workaround.
• CSCun62047
Symptom: ASR1k: Cleanup tracebacks seen while testing CEoP SPA-24CHT1-CE-ATM.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun69752
Symptom: multicast packet is not reassembled(VFR) on lisp + getvpn.
Conditions: lisp+getvpn configuration, router receive multicast and fragmented packet.
Workaround: There is no workaround.
• CSCun75663
Symptom: ASR1K Stanbdby RP remains in init state for about 15 minutes during bootup.
Conditions: Atleast one of the SIP should be in shutdown/disabled state during bootup.
406Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCun83572
Symptom: Move the src/dst tmp storage out of the if (frag_info) {} scope.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun86123
Symptom: ATOM port-mode xconnect is up, but all traffic is under that l2 vc is dropped and statistics under "show mpls l2 vc detail" are zero.
Conditions: On reloading the router mutiple times continuously with traffic on port-mode ATOM vc, at times the VC does not come up.
This issue is seen only on the SPA SPA-2CHT3-CE-ATM.
Workaround: shut/no shut of the controller on which the port-mode ATOM vc is created.
Symptom: Active router crashes in B2B scenariio when standby not syncing.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun88172
Symptom: Added counters for increased visibility of errors in Cablevision network.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun88935
Symptom: A log message %IOSXE_SPA-6-UPDOWN: Interface TenGigabitEthernet2/0/0, link down due to local fault is seen while 10G interface is configured for admin down.
Conditions: Seen only for 10G interface.
Workaround: There is no workaround.
• CSCun89310
Symptom: IPv6 DHCP PD based streams get dropped during RPSO due to IPv6 proc hike.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun90447
Symptom: For 6PE/6VPE MPLS configurations, FNF will report the BGP neighbor for IPv6 flows in the IPv6 BGP Nexthop field as the IPv4 neighbor address interpreted as an IPv6 Address. For example, an IPv4 BGP nexthop address of 107.0.0.2 will be reported as an IPv6 BGP nexthop address of 6B00:2::.
407Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: The mis-reporting happens when using an FNF MPLS flow monitor configured with a flow record containing an IPv6 BGP nexthop address field with IPv6 flows through an MPLS core configured as either 6PE or 6VPE.
Workaround: The IPv6 prefix value reported can be re-interpreted as an IPv4 address using the first 32-bits of the IPv6 prefix.
• CSCun91087
Symptom: O2 router crashes with non-default firmware intermittently.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun92140
Symptom: QFP memory depletion results after a number of NBAR configurations with the traffic flows.
Conditions: Provision and unprovision NBAR on interfaces a number of times with traffic flows.
Workaround: Wait about 3 minutes after unconfiguring complete NBAR feature.
• CSCun92199
Symptom: ucode crash with sip traffic.
Conditions: After doing couple of events like redudancy reload multiple times and with SIP traffic.
Workaround: There is no workaround.
• CSCun92244
Symptom: active router creates binds with same gaddr, gport for >1 lport.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCun96598
Symptom: SNMP query on DS3-MIB objects like dsx3LineLength, dsx3LineStatusLastChange, dsx3LoopbackStatus and dsx3Channelization are showing value 'zero' for SPA-2XT3/E3 card.
Conditions: Testing DS3-MIB objects on 2XT3/E3.
Workaround: There is no workaround.
• CSCun99798
Symptom: SNMP query on dot3Stats counters are not updating on ASR1000-6TGE card and ASR1000-2T+20X1GE.
Conditions: While testing EtherLike MIB.
Workaround: There is no workaround.
• CSCuo03834
Symptom: Entity alias mapping and if table entry missing for USB ports in ASR1002-X built-in RP.
Conditions: ASR1002-X running with asr1002x-universalk9.03.08.01.S.153-1.S1.SPA.bin.
Workaround: There is no workaround.
• CSCuo04629
Symptom: ISSU:XE310 ->XE311:SIP fails to come online after CC/SPA upgrade.
Conditions: There is no condition.
408Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCuo05164
Symptom: Sequence number reuse is disabled with anti-replay disabled.
Conditions: sequence number will not be reused.
Workaround: There is no workaround.
• CSCuo11149
Symptom: SPA FPD recovery fails for SPA-4XT-Serial on 1RU and 2KP if it is done second time.
FIrst time the recovery works fine, but ig the SPA is corrupted again then it is not recovered.
Conditions: OIR/removal of SPA during FPD upgrade send the SPA into out-of-service state.
You can recover it once. But if it again it went to out-of-service state then recovery doesn't works.
Workaround: Either reload the router or recover the SPA on nightster router.
• CSCuo11179
Symptom: stby-rp crashing with Process = SSS PM SHIM QOS TIMER during session churn + rp fail-over.
Conditions: Switch over with scale sessions.
Workaround: There is no workaround.
• CSCuo17427
Symptom: CFM ETHER Failed with EVC local connect on dot1q and untag.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo26733
Symptom: CAC compound scope src-adj,dst-adj cannot be configured
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo31506
Symptom: Traffic drop in getvpn and lisp scale setup.
Conditions: Traffic is dropped after ipsec flap.
Workaround: There is no workaround.
• CSCuo31517
Symptom: Autoneg status on copper SFP is always displayed as completed.
Conditions: ASR1k-BUILTIN-2x10GE-20x1GE ports with copper SFP (SFP-GE-T) inserted on 1GE port.
Workaround: There is no workaround.
• CSCuo31667
Symptom: Badly formed RTP" drop counter increases unexpectedly. This issue is recovered by reloading the SBC.
Conditions: This issue is seen with tele-presence call.
Workaround: Reload the SBC.
409Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
• CSCuo31931
Symptom: Fman-fp crash is seen @ aom_obj_str.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo37411
Symptom: ASR1K CPP crashes with stuck thread in ipv4_nat_pat_block_to_front.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo37461
Symptom: Tunnel interface QoS may not work after route distance change.
Conditions: This happens when there are multiple tunnel interfaces whose traffic is all tunneled to the same physical interfaces, with multiple routes for each tunnel traffic, where route distance determines the physical interface for the tunnel traffic.
With QoS applied to the tunnel interfaces, when the tunnel traffic route distance is changed to select different physical interface, the QoS on that tunnel interface no longer works, after the change.
Workaround: Change the routes for all tunnels to the same physical interface.
• CSCuo40409
Symptom: Traceback seen in B2B NAT when redundancy group flaps under heavy traffic load.
Conditions: Heavy Traffic Load, Active Router should go down and preempt its role as Active after it comes up.
Workaround: There is no workaround.
• CSCuo40653
Symptom: A traceback is seen, which is not really pointing to an error.
Conditions: The tracebacks were seen around ESP-crash.
Workaround: There is no workaround.
• CSCuo42772
Symptom: The user can't configure erspan session destination port.
Conditions: The user can not configure the erspan destination port when the port index exceed the 9215.
Workaround: Reload system.
• CSCuo43912
Symptom: SNMP Query on the object dot3StatsFrameTooLongs is showing the count of "0" on ISR4451 platform.
Conditions: While testing EtherLike-MIB.
Workaround: There is no workaround.
• CSCuo45683
Symptom: tail dropping for PPPoEoA sessions
used HW: SPA-3XOC3-ATM-V2.
Conditions: Wrong behavior or congestion although ATM interface load is clearly below any critical value.
410Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
conditions are not clear
Workaround: There is no workaround.
• CSCuo48252
Symptom: ATM SPA console (ipc-console x x; show log) log errors:
*Mar 27 14:47:27.310: tsp3_setup_egress_ch(SPA ATM1/0 SAR) Error: rc=2013 on line 225SPA ATM1/0 SAR: An error was reported by SAR driver, while executing a command:
Description: setup VC command failed, port 1 vpi/vci 19 / 61 [Error code 2013]SPA ATM1/0 SAR: An error was reported by SAR firmware while executing a command:
Description: rsy open chan: Channel Descriptor in use [Error code 2]*Mar 28 05:19:20.230: tsp3_setup_ingress_ch() Error: rc=2024 on line 474SPA ATM1/0 SAR: An error was reported by SAR driver, while executing a command:
Description: setup VC command failed, port 2 vpi/vci 13 / 141 [Error code 2024]SPA ATM1/0 SAR: An error was reported by SAR firmware while executing a command:
Description: rsy open chan: Channel Descriptor in use [Error code 2]
Conditions: Auto VC feature used; VCs set up / tear down at a high rate.
Workaround: There is no workaround.
• CSCuo49765
Symptom: There's a mismatch between the power threshold values in the "show hw-module subslot x/y transceiver z idprom detail"outputs and the power threshold values in the SNMP polling results.
Conditions: The router is using CWDM SFP.
Workaround: There is no workaround.
• CSCuo50995
Symptom: The IP Identification field of packets sent from a ASR1000 acting as an IAP to a Mediation Device/MD always have the value set to zero.
Conditions: This behaviour has been observed on multiple IOS-XE release, including the current latest 3.12S release.
Workaround: Configure the MTU of the IAP, MD and interconnecting devices to avoid fragmentation.
• CSCuo55610
Symptom: Incomplete kernel core file with filename ending in .TEMP_IN_PROGRESS.
Conditions: Active RP kernel core dump in dual RP2 systems.
Workaround: There is no workaround.
• CSCuo56920
Symptom: ULTRA XE313: KVM Cloned VM stuck in booting.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo58520
Symptom: XE313 : NAT Traceback @cpp_nat_ea_trans_common_cb ; changing NAT POOL.
Conditions: There is no condition.
411Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Workaround: There is no workaround.
• CSCuo60225
Symptom: XE313 : ucode crash while changing NAT mode with B2B HA
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo61455
Symptom: Crash of ASR1k running IOS-XE 3.10.2S or 3.11.1S with Carrier Grade NAT (CGN) configured.
Conditions: ASR1k running IOS-XE 3.10.2S or 3.11.1S with Carrier Grade NAT (CGN) configured.
Workaround: Disable CGN:
"ip nat settings mode default"
• CSCuo61782
Symptom: XE313 : PAP address allocation issue.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo61810
Symptom: XE313 : Crash @ipv4_nat_bpa_free_bpa while changing PAP limit and BPA
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo62650
Symptom: While testing ISSU for xe37_netflow_ipfix and xe37_nbar forwading feature , observing cache entries is missing with netflow feature , and nbar gig interface stats count were not shown with nbar feature after Final ISSU upgrade.
Conditions: Issue is seen in both upgrade and downgrade in 4RU-RP1 platform alone.
Workaround: There is no workaround.
• CSCuo63083
Symptom: Conditional Policing not working correctly.
Conditions: When a conditionally policed node is moved to a different congestion node, the conditionally policed node is still referencing the previous congestion node, resulting in incorrect conditional policing behavior.
Symptom: When adding a Fair-Queue QoS class to a existing QoS policy on a interface, the Fair Queue policy is not added correctly. This results in other queuing classes on the same policy not getting the expected behavior.
412Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: If the Fair Queue class is added to a existing policy-map which is attached to one or more interfaces.
Workaround: Problem can be overcome by simply removing and reapplying the service-policy to the interface.
• CSCuo72654
Symptom: On ASR1k copper port, the interface doesn't bring up when it has fixed configuration if taking the following steps.
Also the interface shows 100Mbps when connecting with a 1000Mbs port.
Conditions: The copper port has the following configuration;
interface GigabitEthernet0/0/5
speed 1000
no negotiation auto
1) Connect with a port with 100M speed,
2) Shutdown the peering interface or disconnect the cable,
3) Connect with 1000M full port and the interface doesn't bring up.
Workaround: Configure negotiation auto and then configure no negotiation auto.
shut/no shut doesn't work.
• CSCuo75385
Symptom: Multicast Extranet Traffic Drops.
Conditions: During RP switchover.
Workaround: There is no workaround.
• CSCuo76032
Symptom: The following message appears during session churn under scaleMultiple Tracebacks are seen.
Conditions:
May 8 22:05:37.410: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 108544 KBMay 8 22:05:43.374: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 109568 KBMay 9 09:48:15.082: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 110592 KBMay 9 12:17:23.034: %CPPDRV-4-ADRSPC_LIMIT: F1: cpp_cp: Address space limit 786432 KB reached, mapping block dram_dram size 524288 dynamically, over limit space: 111104 K
Scale testing with 27000 ppp session.
Tests are done in repetitive cycles.
Workaround: There is no workaround.
• CSCuo77017
Symptom: The tcam resource has not released after 32k efp configured and deleted on the asr1001
413Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: with a clear configuration running 3.13 img,configure 32k efp , check the tcam resource on the asr1k, and delete the efp then check the tcam on the asr1k, will find the resource hs not beem released.
Workaround: Reload the router or FP.
• CSCuo77698
Symptom: when we tried to change slot of SPA-1X10GE-L-V2.
Following messages can be seen continuously. after that SPA cannot boot up.
Step1:use < hw-module subslot 0/3 shutdown> to power off SPA
Step 2:unplug SPA from slot 0/3/0 then insert it into 0/1/0
*May 12 06:14:30.407: %FPD_MGMT-3-MAJOR_VER_MISMATCH: Major image version mismatch detected with 10GE I/O FPGA (FPD ID=1) for SPA-1X10GE-L-V2 card in subslot 0/1. Image will need to be upgraded from version 0.1292 to at least a minimum version of 1.9. Current HW version = 1.2.*May 12 06:14:30.408: %FPD_MGMT-5-UPGRADE_ATTEMPT: Attempting to automatically upgrade the FPD image(s) for SPA-1X10GE-L-V2 card in subslot 0/1. Use 'show upgrade fpd progress' command to view the upgrade progress ...*May 12 06:14:30.456: %FPD_MGMT-6-BUNDLE_DOWNLOAD: Downloading FPD image bundle for SPA-1X10GE-L-V2 card in subslot 0/1 ...*May 12 06:14:30.555: %FPD_MGMT-6-UPGRADE_TIME: Estimated total FPD image upgrade time for SPA-1X10GE-L-V2 card in subslot 0/1 = 00:00:20.*May 12 06:14:30.560: %FPD_MGMT-6-UPGRADE_START: 10GE I/O FPGA (FPD ID=1) image upgrade in progress for SPA-1X10GE-L-V2 card in subslot 0/1. Updating to version 1.9. PLEASE DO NOT INTERRUPT DURING THE UPGRADE PROCESS (estimated upgrade completion time = 00:00:20)
FPD upgrade in progress on hardware, reload/configuration change
on those hardware is not recommended as it might cause HW programming
failure and result in RMA of the hardware.
*May 12 06:14:31.989: %CMCC-3-PLIM_STATUS: SIP0: cmcc: A PLIM driver informational error SBM1 Signal Err_l detected on SPA I/F, block 3 count 1*May 12 06:14:45.345: %FPD_MGMT-6-UPGRADE_PASSED: 10GE I/O FPGA (FPD ID=1) image in the SPA-1X10GE-L-V2 card in subslot 0/1 has been successfully updated from version 0.1292 to version 1.9. Upgrading time = 00:00:14.785*May 12 06:14:45.345: %FPD_MGMT-6-OVERALL_UPGRADE: All the attempts to upgrade the required FPD images have been completed for SPA-1X10GE-L-V2 card in subslot 0/1. Number of successful/failure upgrade(s): 1/0.*May 12 06:14:45.345: %FPD_MGMT-5-CARD_POWER_CYCLE: SPA-1X10GE-L-V2 card in subslot 0/1 is being power cycled for the FPD image upgrade to take effect.*May 12 06:14:45.346: %SPA_OIR-6-OFFLINECARD: SPA (SPA-1X10GE-L-V2) offline in subslot 0/1*May 12 06:14:51.395: %FPD_MGMT-3-MAJOR_VER_MISMATCH: Major image version mismatch detected with 10GE I/O FPGA (FPD ID=1) for SPA-1X10GE-L-V2 card in subslot 0/1. Image will need to be upgraded from version 0.1292 to at least a minimum version of 1.9. Current HW version = 1.2.*May 12 06:14:51.395: %FPD_MGMT-5-UPGRADE_ATTEMPT: Attempting to automatically upgrade the FPD image(s) for SPA-1X10GE-L-V2 card in subslot 0/1. Use 'show upgrade fpd progress' command to view the upgrade progress ...*May 12 06:14:51.395: %FPD_MGMT-6-BUNDLE_DOWNLOAD: Downloading FPD image bundle for SPA-1X10GE-L-V2 card in subslot 0/1 ...*May 12 06:14:51.398: %FPD_MGMT-6-UPGRADE_TIME: Estimated total FPD image upgrade time for SPA-1X10GE-L-V2 card in subslot 0/1 = 00:00:20.*May 12 06:14:51.403: %FPD_MGMT-6-UPGRADE_START: 10GE I/O FPGA (FPD ID=1) image upgrade in progress for SPA-1X10GE-L-V2 card in subslot 0/1. Updating to version 1.9. PLEASE DO NOT INTERRUPT DURING THE UPGRADE PROCESS (estimated upgrade completion time = 00:00:20)
414Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.2S
Conditions: This issue can not be reproduced by 100%.
we tried to reproduce it with 3 other slots, the issue cannot be reproduce unless
unplug SPA from slot 0/3/0 then insert it into 0/1/0.
Workaround: change other SPAs.
• CSCuo80647
Symptom: Grub counters in mfib Transport VRF
Conditions: Scenario 1
ASR1K PE is configured with Multicast Extranet VPN to act as Multicast Source.
Transport VRF is configured with mdt default. Multicast vrf rpf select command is configured to do rpf check from Transport to Source VRF. Whenever we clear mfib Source VRF counters we can see grub numbers in Transport VRF mfib output.
Scenario 2
ASR1K PE is configured with Multicast Extranet VPN to act as Multicast Receiver.
Transport VRF is configured with mdt default. Multicast vrf rpf select command is configured to do rpf check from Receiver VRF to Transport VRF. Whenever we clear mfib Transport VRF counters we can see grub numbers in Receiver VRF mfib output.
Workaround: Clear Counters on Transport VRF.
• CSCuo80873
Symptom: Crash.
Conditions: In b2b or intra-box redundancy configurations with stateful features (ie NAT, FW, etc) and the ha_build_pkt function starts after processing a virtually reassembled pkt.
Workaround: There is no workaround.
• CSCuo81949
Symptom: Traceback during churng XE3.13 - %FMANRP_ESS-4-WRNPARAM_U.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo85982
Symptom: High RP and ESP utilization and generation of many large (~ 1 MB) logging files with names of the form "cpp_cp_F*".
Conditions: IPv4 multicast packets received on interfaces configured for IP subscriber sessions.
Workaround: There is no workaround.
• CSCuo88928
Symptom: POE Power bal card not bieng recognised on Greyhound P1A unit.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuo90646
Symptom: Multiple Citrix ICA tags QOS may not work, showing only one of the ICA Tags configured.
Conditions: Applying more then one Citrix ICA Tags QOS rules.
Workaround: Use 15.2(2)S or 15.4(2)S and above images.
415Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCuo90700
Symptom: ELC: i2c read/write errors on popinac console logs for Cu/100FX SFPs.
Symptom: Multiple IOS-XE CPP Ucode crashes with IPSec + GRE + MPLS
Conditions: There is no condition.
Workaround: There is no workaround.
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S, page 417
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S, page 444
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S.
• CSCtk05154
Symptom: Not all dtmf is detected by the receiving endpoint. PCM analysis will show two tones too close together to be detected as two.
Conditions: Dial the same number rapidly. For example 99999999.
Workaround: There is no workaround.
• CSCue18556
Symptom: There is no RP CLI to dump drop counter due to High Priority Policer.
Conditions: On configuring the High Priority Policer there is no RP CLI to dump drop counters.
416Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: Using the CC CLI. Caveat: CC CLI show "other system drop" "High Priority Policer drop count"
• CSCue29595
Symptom: SRTP passthrough for h323 calls failing.
Conditions: h323 calls are failing when both the legs are h323 and its SRTP passthrough.
Workaround: There is no workaround.
• CSCuf51465
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S, page 417
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S, page 444
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S.
• CSCtk05154
Symptom: Not all dtmf is detected by the receiving endpoint. PCM analysis will show two tones too close together to be detected as two.
Conditions: Dial the same number rapidly. For example 99999999.
Workaround: There is no workaround.
• CSCue18556
Symptom: There is no RP CLI to dump drop counter due to High Priority Policer.
Conditions: On configuring the High Priority Policer there is no RP CLI to dump drop counters.
Workaround: Using the CC CLI. Caveat: CC CLI show "other system drop" "High Priority Policer drop count"
• CSCue29595
Symptom: SRTP passthrough for h323 calls failing.
Conditions: h323 calls are failing when both the legs are h323 and its SRTP passthrough.
Workaround: There is no workaround.
• CSCuf51465
Symptom: On ASR1000-2T 20GE Linecard, TCAM_VLAN_TABLE_FULL Error is not displayed.
417Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: when Maximum scale of 48K VLAN already configured and user attempts to add more than 48K VLANS on the card.
Workaround: There is no workaround.
• CSCug37057
Symptom: RSVP hello stays in "PASSIVE".
Conditions: Ospf send bdb packet error for incomplete adj.
Workaround: There is no workaround.
• CSCug73829
Symptom: Data Conversion Errors seen while configuration changes at Remote end device.
Conditions: Data Conversion Error & traceback can be seen while doing configuration changes on remote end device.
Workaround: There is no workaround.
• CSCuh03476
Symptom: Tracebacks seen while configuring APS parameters on a POS link.
Conditions: During normal CLI configurations.
Workaround: There is no workaround.
• CSCuh72004
Symptom: On the Cisco ASR1000 Series Router, the FPD upgrade on the Fixed Ethernet Line Card (ELC) causes line protocol to stay down on its Interfaces. The Route Processor (RP) card on the router goes out of sync. The line protocol status on ELC-console is shown as 'up'; but, the RP is unaware of this. As per RP, all the 1G ELC interfaces are in 'down' state. 'Shut/no shut' of the affected interfaces interface-config does not resolve the issue.
Conditions: FPD upgrade of the DB-FPGA on the Ethernet Line Card, performed via the router command: "upgrade hw-module subslot <> fpd bundled reload" or "upgrade hw-module subslot <> fpd file <filename> reload" causes the issue.
Workaround: Reload the Ethernet Line Card by either a manual removal/insertion of the line card or via the router command "hw-module slot <> reload" This issue happens because the SPA is reloaded after a successful DB-FPGA(FPD) on a line card. However on ELC, SPA OIR is not supported since since it is just a logical subslot. Hence, after a FPD upgrade, the SPA is left in an undefined state causing line protocol to stay down. To resolve this issue, the card is restarted (slot reloaded). As a result of this fix, after a successful FPD upgrade the user would see the following messages on the RP2 console: *<Date_Time>: FPD MSG HANDLER: upgrade result response from 0/0 received, card type=0x75F, fpd id=0x16, num retries=1, upgrade result=2, upgrade id=8
*<Date_Time>: %FPD_MGMT-6-UPGRADE_PASSED: DB FPGA (FPD ID=22) image in the
BUILT-IN-2T 20X1GE card in subslot 0/0 has been successfully updated from version 1.12
to version 1.13. Upgrading time = 00:03:51.518 *<Date_Time>:
%FPD_MGMT-6-OVERALL_UPGRADE: All the attempts to upgrade the required FPD images have
been completed for BUILT-IN-2T 20X1GE card in subslot 0/0. Number of
interfaces disabled *<Date_Time>: %IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot
0 *<Date_Time>: %CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware
*<Date_Time>: %IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0 *<Date_Time>:
418Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
%CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>:
%IOSXE_OIR-6-REMSPA: SPA removed from subslot 0/0, interfaces disabled *<Date_Time>:
%IOSXE_OIR-6-OFFLINECARD: Card (cc) offline in slot 0 *<Date_Time>:
%CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>:
%CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>:
%IOSXE_OIR-6-ONLINECARD: Card (cc) online in slot 0 *<Date_Time>:
%CMRP-5-PRERELEASE_HARDWARE: R1/0: cmand: 0 is pre-release hardware *<Date_Time>:
%IOSXE_OIR-6-INSSPA: SPA inserted in subslot 0/0 *<Date_Time>: %LINK-3-UPDOWN:
SIP0/0: Interface EOBC0/1, changed state to up *<Date_Time>: %SPA_OIR-6-ONLINECARD:
SPA (BUILT-IN-2T 20X1GE) online in subslot 0/0.
• CSCui14805
Symptom: Dubious QL-SEC seen on 10M src of MN spa after cable removal and reloadng spa.
Conditions: GPS 10M port connected to Symmetricom device.
Workaround: Remove and re-apply the config to go QL-FAILED state. network-clock input-source 3 External 2/0/0 10m
• CSCui48145
Symptom: On RP platform, the following multiple messages were observed after redundancy force-switchover:
*Jul 19 19:30:58.303: %CMANRP-6-CMHASTATUS: RP switchover, received fastpath \ becoming active event *Jul 19 00:53:28.384: %IOSXE-3-PLATFORM: R0/0: kernel: physmap-flash.0: Chip not \ ready for buffer write. Xstatus = c4, status = c4
This is not observed on ELC platforms. The root cause of the above messages on RP was found to be the following: Some revisions of the P30, P33, and J3 Flash memory devices can hang when an ERASE SUSPEND command is issued following an ERASE RESUME without waiting for the minimum delay time to elapse. The result is that when the ERASE appears to be complete (no bits are toggling), the contents of the Flash memory block on which the ERASE was executing could be inconsistent with the expected values. This causes ERASE operation to fail. This was fixed for RP via CSCub14611. However, the fix did not apply fro ELC platforms since ELC-specific changes use the CISCO_CONFIG_ELC instead of CISCO_CONFIG_MCP. This extends the fix for ELC platforms.
Conditions: Redundancy force-switchover on RP.
Workaround: There is no workaround.
• CSCui68187
Symptom: ASR1001 may reload while downloading a file to modify running config.
Conditions: This symptom is seen when a tftp server which is uncommon freeware for windows PC is used and not seen when the file transfer is done from unix machines.
Workaround: Not to use the particular tftp server.
• CSCui70561
Symptom: Low performance for AVC 2.0 on ESP100 setup.
Conditions: There are no known conditions.
Workaround: There is no workaround.
• CSCui72473
Symptom: When the Traffic is flowing through ATM1xOC3 the rate of flow fluctuates very faster and the counters doesn't match.
419Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
sh int atm0/3/0 | i pack
Above command can be used repeatedly to check the rate.
Conditions: The traffic should be flowing through ATM SPA.
Workaround: There is no workaround.
• CSCui74020
Symptom: After configuring on ASR1k: cdp run ! interface gi0 dp enable ASR1k isn't able to find its CDP neighbor
(e.g. a Switch): ASR1k#show cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID while the switch can find its CDP neigbor(ASR1k): Switch#show cdp nei Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone Device ID Local Intrfce Holdtme Capability Platform Port ID ASR1k Gig 1/0/19 134 R I ASR1006 Gig 0
Conditions: CDP enabled globally and on Mgmt Interface.
Workaround: There is no workaround.
• CSCui76166
Symptom: TTB Rx info not getting updated on one asr1k router serial interfaces - Bident
Conditions: ange of framing type
Workaround: default interface and re-configure OR OIR Bident.
• CSCui86755
Symptom: Add local GM ACL on the Cisco ASR 1000 Router, and remove it. Adding the ACL and removing it changes the flow priority that does not work on the Cisco ASR 1000 Router.
Conditions: When the ACL is changed on KS or GM.
Workaround: There are 2 workarounds:
1. If the permit ACL is appended to KS ACL, or if the ACL is removed from bottom of KS ACL, then there is no flow priority change, and the issue is not observed there. The limitation with this workaround is that the Group config on KS has only one SA. Also, if Deny ACL is added, some packet drops are observed.
2. Clear the GetVPN registration on the Cisco ASR 1000 Router using the clear crypto gdoi command.
Conditions: After reloading the box or inserting SFPs.
Workaround: There is no workaround.
• CSCuj14655
420Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: Traceback seen while boot up
Conditions: Load latest mcp_dev in 6RU-FP80 system.
Workaround: There is no workaround.
• CSCuj30033
Symptom: ATM interface - SPA-1XOC3-ATM-V2 - shows counters frozen when interface is shut down.
Conditions: Running traffic over an ATM (SPA-1XOC3-ATM-V2) interface and then shutting down the interface - interface counters remain frozen and do not return to zero.
Workaround: There is no workaround.
• CSCuj33901
Symptom: ASR1000-RP2's actual ACTV/STBY LED state is incorrect. Although RP2 state is active, STBY LED light up. This issue is seen while using V04 RP2.
Conditions: V04 RP2.
Workaround: Refer to Field Notice FN63704.
• CSCuj44148
Symptom: CPU hog on "SSS Manager" process.
Conditions: With a rate of 10 CoA/s over a period of 4 hours ISG. Issue can also reproduce with a rate of 40 CoA/s over 1 hour period.
Workaround: CPP to rate limit CoA may help to alleviate the issue. However, if the CoA burst remains for a extended period of time, it may not be possible to avoid. Standby RP Should be up to avoid this issue. Have a look Eng-Note-RCA enclosure for more detail.
• CSCuj44237
Symptom: With Suite-B configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS), Group Members (GM) the following error message is generated:
"*** SERIOUS ERROR: OVERLAPPING IV RANGES DETECTED ***"
Error message is generated when the following steps are performed:
Conditions: Suite-B is configured (i.e. esp-gcm / esp-gmac transform) on a GETVPN Key Server (KS) with GM's registered The KS policy ACL is changed from ACL1 to ACL2 (where ACL2 is a subset of ACL1) & a rekey is sent from the KS using "crypto gdoi ks rekey" The KS policy ACL is reset back from ACL2 to ACL1 & a rekey is sent from the KS using "crypto gdoi ks rekey"
Workaround: If a KS policy ACL1 must be changed to ACL2 and then changed back to the original ACL1 while Group Members (GM) have already registered and downloaded GETVPN Suite-B policy (i.e. esp-gcm / esp-gmac transform), do one of the following:
– Wait for the TEK's of the original ACL1 to expire after the first rekey before changing back to the original ACL1
421Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
– Issue "crypto gdoi ks rekey replace-now" instead of "crypto gdoi ks rekey" after changing back to the original ACL1.
– If the above two workarounds do not work, issue "clear crypto gdoi" on the GM's with the error or "clear crypto gdoi ks members now" on the KS to reset the entire group.
• CSCuj45298
Symptom: With the ASR1k packet-trace feature, a packet may be shown as "Consumed Silently" in the packet state, where it really should be forwarded. This is only a problem with the packet trace output, and does not impact the actual forwarding functionality.
Conditions: This can happen when packet-trace is tracing a tunnel encapsulated packet.
Workaround: There is no workaround.
• CSCuj46984
Symptom: ASR1k FNF not possible to clear normal cache contents.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCuj49523
Symptom: On ASR1000-2T 20GE and ASR1000-6TGE line cards, on interfaces with MAC Loopback, the interface Counters are not updating correctly.
Conditions: After setting the MAC loopback on the interface.
Workaround: There is no workaround.
• CSCuj50396
Symptom: The flow exporter status becomes inactive.
Conditions: This symptom occurs after an RP switchover while checking flow monitor information.
Workaround: There is no workaround.
• CSCuj52382
Symptom: MAC acl drops on popinac with isis_frr configs.
Conditions: This symptom is observed when verfiying the isis neighbors.
Workaround: There is no workaround.
• CSCuj52396
Symptom: In a VPLS Inter-Autonomous System Option B configuration, the virtual
circuits between the Autonomous System Border Router (ASBR) and the PE may
fail to come up.
Conditions: This symptom is observed while initially establishing VCs after the ASBR has reloaded.
Workaround: The clear xconnect exec command can be used to clear
the VCs that are down.
• CSCuj57479
Symptom: Static Pat entries dont work and do not show up in the show ip nat translations output
Conditions: when using both TCP and UDP port on the physical interface in the static pat config
Workaround: instead of specifying interface x overload, use the ip address of the Interface.
• CSCuj61598
422Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: ASR1K cpp_cp_svr crash on ASR1002x or ASR1K using ESP100.
Conditions: This issue has only been see on bundle type interfaces such as MLPPP, MLFR, GEC and possibly ATM if a hierarchical QoS policy is replaced with a flat QoS policy and then a rate change event occurs on the interface (such as removing or adding a link on a bundle type interface). The trigger is the bandwidth change following replacement of the hierarchical QoS policy with a flat QoS policy.
Workaround: If a hierarchical QoS policy is replaced with a flat QoS policy this issue can be avoided by first deleting the bundle interface, adding it back, and then applying the flat QoS policy.
• CSCuj66067
Symptom: Router running out of memory after an upgrade to 15.3(1)S, 15.3(3)S, 15.4(1)S
Conditions: Huge number of Route server contexts configs in the router. Approximately 700+
Workaround: Reduce the number of Route server contexts. Downgrade the IOS version to 15.2(4)S or lower release
• CSCuj67593
Symptom: ASR1K:Mac-accounting counters are not updating after MDR on Gigabit Ethernet SPA module.
Conditions: This symptom is observed after completion of Minimal Disruptive Restart (MDR) procedure for a GigE SPA module running XE3.8 or higher release.
Workaround: Reload the SPA slots after the MDR.
• CSCuj68565
Symptom: ASR1000-2T 20X1GE and ASR1000-6TGE Card status will remain unknown in any slot post insertion in slot4/5 of ASR1013 with ESP40.
Conditions: Sequence of events needed: 1. Insert the ASR1000-2T 20X1GE and ASR1000-6TGE in Slot 4 or 5 of ASR1013 with ESP40 2. Remove the card 3. Insert in any other slot other than slot 4 and 5.
Workaround: Wait for minimum 1 minute before reinserting the card in slot other than 4 and 5 (ie 1 min wait between step 2 and 3 of Condition above)
• CSCuj71234
Symptom: Tracebacks with the following signature "%QFPOOR-4-LOWRSRC_PERCENT" are seen on the console with negative percentage complaining of resource depletion.
Conditions: These tracebacks are usually seen on a clean-up operation performed on a router i.e manual removal of all configs. But it's not limited to only this operation and could be seen with router configuration as well.
Workaround: There is no workaround.
• CSCuj71839
Symptom: CLI hang in SBC adjacency sip mode.
Conditions: This symptom is observed when over 2000 sbc sip adjacencies are configured.
Workaround: There is no workaround.
• CSCuj74513
Symptom: The ha test case about 96k sessions of EoGRE can not support on esp40 currently.It hit the system limitation.
423Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: When it reaches the upper limit, the router crashes. The exmem not enough is not the root cause of crash, but a trigger event. After analyzing, the traceback was caused by the code defect which was fixed in code diff. The exception handling is not very robust for out of memory.
Workaround: There is no workaround.
• CSCuj75952
Symptom: ASR1K route processor reloads.
Conditions: ASR1K is being used to terminate PPPoA sessions and Call Admission Control (CAC) has been enabled. The crash occurs during PPPoA session establishment if CAC determines that resources are low and HW assisted CAC needs to be enabled.
Workaround: Disabling Call Admission Control is the only known workaround.
• CSCuj77998
Symptom: All packets that need to be encrypted may be dropped.
Conditions: This happens when traffic is flowing for a long duration without any rekey when the crypto sequence number overflows
Workaround: Have a shorter rekey interval
• CSCuj78467
Symptom: Memory leaks are seen on exiting the output of "show perf mon cache"
Conditions: The issue is seen on ASR1006 platform with XE3.11 image
Workaround: Do not exit the output of "show perf mon cache"
• CSCuj79195
Symptom: ASR router crashes when platform hardware debug is enabled.
Conditions: Platform hardware debug is enabled.
Workaround: There is no workaround.
• CSCuj79732
Symptom: H323 HA adjustment.
Conditions: H323 HA adjustment.
Workaround: There is no workaround.
• CSCuj80062
Symptom: Unexpected RP reload in asr1k.
Conditions: Stream of corrupted ATM cells on idle VCC due to SIP hardware failure.
Workaround: There is no workaround.
• CSCuj81174
Symptom: Show commands for pools are incomplete leading to inability to debug pool related issues in the field
Conditions: This is a NAT related issue and only relevant with dynamic translations involving pools
Workaround: This DDTS is needed in order to view complete pool state
• CSCuj82468
Symptom: Enabling "debug plat pack drop" and pinging large packets (payload > 1500) may result in a CPP crash.
424Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: In order to hit this crash, either "debug platform packet-trace drop" or "debug platform packet-trace packet 256 circular" must be configured. The router may then crash if it receives a fragmented packet that it reassembles.
Workaround: Avoid configuring "debug plat packet drop" or circular tracing.
• CSCuj82693
Symptom: ESPs going offline and remaining in "disconnecting" state for a few minutes, until fman_fp and cppc_cp processes failures.
Conditions: This symptom is observed when %CPPBQS-3-QMOVESTUCK: Fx: cpp_cp: QFP 0 schedule xxx queue move operation is not progressing as expected.
Workaround: There is no workaround.
• CSCuj82922
Symptom: show platform software ip rp active mfib vrf * summary command fails to display multicast routing table of all VRFs.
Conditions: when global table of ip multicast is not enabled, sometimes not display.
Workaround: show ip vrf detailed xxx to get the vrf index.
• CSCuj85322
Symptom: show platform hardware qfp active inter if-name gi0/0/4 | i STILE IPV4_INPUT_STILE_LEGACY IPV4_OUTPUT_STILE_LEGACY IPV6_INPUT_STILE_LEGACY IPV6_OUTPUT_STILE_LEGACY
Conditions: Configured: policy in, policy out and PD on interface. After removing policies and PD from interface, I see FIAs of STILE still bound to interface.
Workaround: Configure "ip nbar protocol-dicovery" and "no ip nbar protocol-dicovery" on any interface
• CSCuj85408
Symptom: For VPLS mstp test Bpdus are not receiving.
Conditions: This symptom is observed when packet drops are seen.
Workaround: There is no workaround.
• CSCuj85993
Symptom: A Cisco ASR1006 (RP2) running Cisco IOS-XE Version: 03.07.04.S (asr1000rp2-adventerprisek9.03.07.04.S.152-4.S4) will crash after a recent High Availability (HA) fail-over event.
Conditions: High Availability (HA) fail-over is implemented with RP2 on the Cisco ASR. When a fail-over is initiated to the active RP2 module (for example by removing the active RP2 module), the ASR fails over fine, but once a hold resume is initiated on an existing call (that was preserved from the fail-over), the ASR reboots.
Workaround: The crash is not observed on IOS-XE version 03.07.03.S
• CSCuj86393
Symptom: cpp_cp process crashes on ESP100, ESP100 or ASR1002-X.
Conditions: Bring up 4k PPPoLNS sessions. Tear-down large number of sessions (eg. >3k) by performing "shut" on individual Dialer interfaces one-by-one on CPE.
Workaround: There is no workaround.
• CSCuj88292
425Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: Once you reboot router with XE3.11 BFD is getting disabled.
Conditions: BFD session showing down
Workaround: Remove interface BFD config and reapply it.
• CSCuj91680
Symptom: ESP crashes running 3.9.1 when NAT enabled.
Conditions: NAT must be enabled.
Workaround: There is no workaround.
• CSCuj92006
Symptom: memory leak when remove class map.
Conditions: remove last class class-default.
Workaround: remove policy-map directly.
• CSCuj92836
Symptom: The described issue is an XE only issue that impacts several AVC fields.
Fields list: Field Export id Introduced in RLS Fix RLS connection sum-duration 279 3.4 3.10.2, 3.11.1 connection new-connections 278 3.4 3.10.2, 3.11.1 connection client counter bytes network long 41106 3.9 3.10.2, 3.11.1 connection server counter bytes network long 41105 3.9 3.10.2, 3.11.1 policy qos queue drops 42129 3.9 3.10.2, 3.11.1
These fields show incorrect value. Problem cause: When cache record is reused, these fields are not cleared. Since they are accumulative fields, they report constantly increasing values. Full fix for this issue is clearing these fields using general FNF mechanism that does it. Since this fix has ISSU impact, we will do it in 3.12. In 3.10.2 and 3.11.1 we will provide a partial fix that clears these fields differently.
Conditions: There are no known conditions.
Workaround: There is no workaround.
• CSCuj94188
Symptom: Unaccounted drops in Ethernet Line card for Multicast traffic.
Conditions: When Multicast traffic is sent more than the ESP performance limit, due to ingress back pressure from ESP causes overruns in the Line card but these drops are not showed in the overruns
Workaround: There is no workaround.
• CSCuj95903
Symptom: When executing Mediatrace poll from CLI, the following message is displayed:
Escape sequence received. Aborting poll...
However, no escape sequence has been sent.
Conditions: On the Mediatrace poll command, no timeout parameter is specified.
Workaround: Specify a timeout on the Mediatrace poll CLI:
mediatrace poll timeout 60 path-specifier name name perf-monitor profile name
• CSCuj96123
Symptom: ASR1000 crashed with following log in crashinfo file:
426Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
UNIX-EXT-SIGNAL: Segmentation fault(11), Process = SBC main process
Conditions: the ASR1000 router is the standby router in CUBE-SP setup.
Workaround: There is no workaround.
• CSCuj99471
Symptom: Attempting to configure a xconnect may fail and display the following
error message:
% Invalid i/f handle 0
Conditions: This symptom is observed when the peer address or VC ID of an existing
xconnect is configured to a new value, then the xconnect is removed and
reconfigured with the original values.
Workaround: Completely unconfigure the existing xconnect before configuring with a new
peer address or VC ID.
• CSCul00007
Symptom: Files cannot be downloaded via the management interface via FTP/HTTP/SCP. This can include firmware files, configuration files, or license files.
Conditions: This symptom occurs on using the management interface on a Cisco ASR 1000 or ISR 4450-X router.
Workaround: There are two workarounds for this issue.
1. Use an interface other than the management interface to download the file or use a protocol that does not use TCP as the session transport such as TFTP.
2. Set the IP_ADDRESS rommon variable to the IP address of the management interface.
• CSCul00709
Symptom: Cisco IOS XE Cisco Packet Processor (CPP) crashes on a device configured with MPLS IP.
Conditions: Device configured with mpls ip
Workaround: There is no workaround.
• CSCul02534
Symptom: Voltage Drop observed while issuing nominal to nominal command.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul03067
Symptom: Tunnel interface QoS tail drop counter reported at physical interface. Service policy is applied on the tunnel 5432. --Drops are seen on the output of "show policy-map tunnel 5432" --Drops are seen on the physical interface over which the tunnel is built. --NO drops are seen on the Tunnel interface. --From the output below OQD is "0" for the tunnel interface.
BGL.Q.20-ASR1K-1# show platform hardware qfp active statistics drop ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- TailDrop 753351 63281484 BGL.Q.20-ASR1K-1#show inter summary <snip> Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
427Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: When packets are dropped on a tunnel interface, the output of: - show platform hardware qfp act interface all statistics drop_summary - show interface summary would only show the dropped packets against the phsyical interface, which made it difficult to determine which tunnel the packets were being dropped on.
Workaround: There is no workaround.
• CSCul04033
Symptom: LDP stays down over Multilink when connecting to Juniper router.
Conditions: Issue notice with latest IOS as same setup was working with 15.0(1)S1(3.1S) and earlier release.
Workaround: There is no workaround.
• CSCul06361
Symptom: When subscriber session is created with 'ip subscriber interface' on subinterface in shutdown state, after bringing the subinterface up, the 'out' pkt counters are not increasing. Subscriber does not have IP connectivity, since traffic is going only in one direction.
Conditions: ASR1k ISG running IOS XE 3.7.4.S (15.2(4).S4), with 'ip subscriber interface' created from subinterface in shutdown state.
Workaround: Clearing subscriber session when subinterface is up/up will re-establish session with connectivity restored.
• CSCul06398
Symptom: Reach max CPU utilization when rate is much below 500K CPS.
Conditions: Do 500K CPS rate performance test on ESP80.
Workaround: There is no workaround.
• CSCul06682
Symptom: Ixia1°™asr1k1---asr1k2---ixia2Ixia1 sends 10000pps traffic to ixia2ixia2 sends 10000pps traffic to ixia1only normal ip traffic, without labal... and there is no packet lostthe qfp datapath utilization input and output should 20000but the utilization summary displayed abnormal asr1k1shmcp-1013-1#sho platform hardware qfp active datapath utilization summary CPP 0: 5 secs 1 min 5 min 60 minInput: Total (pps) 10000 10000 10000 8015 (bps) 27235992 27239832 27234912 21826272Output: Total (pps) 10009 10004 10004 8022 (bps) 26757256 26739616 26739560 21434288Processing: Load (pct) 0 0 0 0shmcp-1013-1#sho platformChassis type: ASR1013
Slot Type State Insert time (ago)--------- ------------------- --------------------- -----------------0 ASR1000-2T+20X1GE unknown 00:42:521 ASR1000-2T+20X1GE unknown 00:42:522 ASR1000-SIP40 ok 00:42:52
428Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
2/0 SPA-1X10GE-L-V2 ok 00:40:502/1 SPA-1X10GE-WL-V2 ok 00:40:502/2 SPA-1X10GE-L-V2 ok 00:40:502/3 SPA-1X10GE-L-V2 ok 00:40:503 ASR1000-SIP40 ok 00:42:523/0 SPA-1X10GE-L-V2 ok 00:40:503/1 SPA-1X10GE-L-V2 ok 00:40:503/3 SPA-1X10GE-L-V2 ok 00:40:504 ASR1000-SIP40 ok 00:42:524/0 SPA-1X10GE-L-V2 ok 00:40:504/1 SPA-1X10GE-WL-V2 ok 00:40:505 ASR1000-SIP10 unknown 00:42:52R0 ASR1000-RP2 ok, standby 00:42:52R1 ASR1000-RP2 ok, active 00:42:52F0 ASR1000-ESP80 ok, active 00:42:52P0 ASR1013/06-PWR-AC ps, fail 00:41:42P1 ASR1013/06-PWR-AC ok 00:41:42P2 ASR1013/06-PWR-AC ok 00:41:41P3 ASR1013/06-PWR-AC ps, fail 00:41:41
Slot CPLD Version Firmware Version--------- ------------------- ---------------------------------------0 N/A N/A1 N/A N/A2 00200800 15.3(3r)S3 00200800 15.3(3r)S4 00200800 15.3(3r)S5 N/A N/AR0 10021901 15.3(3r)SR1 10021901 15.3(3r)SF0 11100400 12.2(20111018:223207) [gschnorr-mcp_...shmcp-1013-1#shdropGlobal Drop Stats Packets Octets---------------------------------------------------------------- The Global drop stats were all zeroshmcp-1013-1#sho versionCisco IOS XE Software, Version BLD_V154_1_S_XE311_THROTTLE_LATEST_20131015_120615-stdCisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISEK9-M), Experimental Version 15.4(20131015:142745) [v154_1_s_xe311_throttle-BLD-BLD_V154_1_S_XE311_THROTTLE_LATEST_20131015_120615-ios 174]Copyright (c) 1986-2013 by Cisco Systems, Inc.Compiled Tue 15-Oct-13 10:03 by mcpreAsr1k2shmcp-4ru-2#sho platformChassis type: ASR1004
Slot Type State Insert time (ago)--------- ------------------- --------------------- -----------------0 ASR1000-SIP40 ok 11:46:440/0 SPA-1X10GE-L-V2 ok 11:43:540/1 SPA-1X10GE-L-V2 ok 11:43:541 ASR1000-SIP40 ok 11:46:441/0 SPA-1X10GE-L-V2 ok 11:43:541/1 SPA-1X10GE-L-V2 ok 11:43:54R0 ASR1000-RP2 ok, active 11:46:44F0 ASR1000-ESP80 ok, active 11:46:44P0 Unknown ps, fail neverP1 ASR1004-PWR-AC ok 11:45:33
shmcp-4ru-2#sh platform hardware qfp active datapath utilization summary CPP 0: 5 secs 1 min 5 min 60 minInput: Total (pps) 10000 10000 10000 8136 (bps) 27127392 27040272 27050560 22108000Output: Total (pps) 7 3 3 3 (bps) 34520 17416 17376 15704Processing: Load (pct) 0 0 0 0
shmcp-4ru-2#shdropGlobal Drop Stats Packets Octets---------------------------------------------------------------- The Global drop stats were all zero
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul07210
Symptom: ASR1000-2T 20x1GE and ASR1000-6TGE cards can go into reload with certain combinations QinQ scale config.
Conditions: Card reload with scale config.
Workaround: There is no workaround.
• CSCul07295
Symptom: With L2TPv2, the LNS uses an incorrect mtu of 1464 bytes instead of 1460 bytes on Virtual-Access Interface.
This can cause large packets to be blackholed or post-encapsulation fragmentation.
Conditions: This problem occurs with "ip mtu adjust" under the vdpn-group.
Workaround: Instead of using "ip mtu adjust" under the vpdn-group, set the mtu manually under the virtual template interface.
• CSCul08311
Symptom: SIP ALG will drop NAT traffic.
Conditions: In a case, FQDN instead of IP address is included in the "c=" line of SDP in the 200 OK response, and SIP ALG will drop this message.
Workaround: Turn off SIP ALG if SIP server (VCS) can support NAT traversal by itself. Another way is to let VCS fill IP address instead of FQDN in the "c=" line of SDP if possible.
• CSCul11961
Symptom: ISSU xe311->xe312: Stadby FP not coming up after runversion
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul15444
Symptom: While testing ISSU from xe311<->mcp_dev(super-pkg) with security features, observing fman_fp crash followed by cpp-mcplo-ucode is seen.
Conditions: Issue is seen after issu runversion.
Workaround: There is no workaround.
• CSCul16541
430Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: cpp_cp_svr crash with model F QoS and multiple PPPoEoA/PPPoA VCs on one or more ATM PVPs.
Conditions: While bringing up multiple PPPoEoA/PPPoA sessions with model F QoS on one or more ATM PVPs.
Workaround: There is no workaround.
• CSCul18227
Symptom: A prefix containing the PMSI tunnel attribute (RFC 6513/6514) has the flags portion of the attribute cleared even though the sending peer had set them (the "leaf required" flag is turned into "leaf no required").
Conditions: This occurs upon receiving an MVPN prefix (RFC 6513/6514).
Workaround: There is no workaround.
• CSCul18806
Symptom: ELC MDR: Reconcile failed for int_num 0x1505F000 bitmap 0x00001E7F.
Conditions: Observed during one-shot consolidated MDR.
Workaround: There is no workaround.
• CSCul21158
Symptom: ESP crashes for IOS-XE based platforms.
Conditions: Crash may occur when executing the CLI command: show platform hardware qfp active infrastructure exmem map.
Workaround: There is no workaround.
• CSCul22381
Symptom: Unexpected tracebacks occur randomly at a very slow rate (i.e. once per day or even less). Normal processing will continue.
Conditions: This issue is specific to ESP100, ESP200 or ASR1002-VE.
Workaround: There is no workaround.
• CSCul24332
Symptom:
000080: *Nov 5 06:20:08.231 UTC: %OCE-3-MISSING_HANDLER_FOR_SW_OBJ_TYPE: Missing handler for 'non choice oce get next' function for type Loadbalance-Traceback= 1#fa53c8e50eb34ad6b14c6e73742aa633 :400000+8D10D1 :400000+33C98B4 :400000+441693F :400000+6CEEAC2 :400000+33E118C :400000+33ADE6F :400000+3355C80 :400000+335590D :400000+33A9B82 :400000+33A9299 :400000+33AF9C9 :400000+33AF82F :400000+34A0183 :400000+349FF99 :400000+346EE86 :400000+1622694
Conditions: in vrf Mgmt-intf, there are 8 prefixes referring to same adjacency.
Workaround: There is no workaround.
• CSCul25109
Symptom: AVC: Templates are not exported right after reload with RP1.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul25833
431Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: Issue with Dual Collector FNFV9 in ASR 1002x only one collector is collecting and the second one is not.
Conditions: under flow-monitor provisioning.
Workaround: Apply each flow monitor with a gap of 5secs. However, this will be customer impacting since many if this is controlled by scripts.
• CSCul26686
Symptom: Scaled vlan qinq config on SPA. If the TCAM of SPA becomes full and more qinq vlan is configured then TCAM_VLAN_TABLE_FULL message is not displayed.
Conditions: TCAM is full.
Workaround: For verification whether a new entry has been added or not, check for TCAM entry using CLI on SPA console.
• CSCul27037
Symptom: WebAuth sessions contain duplicate L cookies in accounting and interim watchdog aaa updates
Conditions: If an enduser authenticates via a Portal-Page, the ISG (ASR1k) will send out duplicate L cookies to the Radius server.
Workaround: There is no workaround.
• CSCul27083
Symptom: Ucode crash seen.
Conditions: Ucode crash seen while doing RP switchover with 1000 ipv6_ipsec tunnels and acls with traffic.
Workaround: There is no workaround.
• CSCul31100
Symptom: COS markings not seen Proper on the dot1q interface.
Conditions: The issue will be seen if met any of following conditions:
1. Crypto-Map implemented in Transport mode implemented on Tunnel.
2. Fragment happened in data plane on the dot1q interface.
Workaround: Remove Encryption from the Tunnel or downgrade IOS to 15.0(1)S3 if the issue is happened with IPSec but no fragment; No workaround if the issue is happened with big enough packet(need fragment);
• CSCul31192
Symptom: ESP may crash @ipv4_nat_alg_prune_sd.
Conditions: seen with SIP traffic.
Workaround: There is no workaround.
• CSCul34313
Symptom: Active FP crash on removing nat mapping.
Conditions: Dynamic acl using route-map.
432Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: There is no workaround.
• CSCul34776
Symptom: After ISSU process AOR and dependent fields are not working. Also, sampler granularity may be different from the configured.
Conditions: Happens sometimes.
Workaround: Remove AVC configuration and apply it again after the ISSU process is finished.
• CSCul35389
Symptom: Following error messages re observed with SPA reload
==================================================================Nov 26 2013 15:14:31.496 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP Nov 27 2013 17:31:42.464 EST: %SERVICES-3-NORESOLVE_ACTIVE: SIP0: mcpcc-lc-ms: Error resolving active FRU: BINOS_FRU_RP
The process mcpcc-lc-ms is held down and the SIP is reloaded.
Conditions: Error are observed when SPA is reloaded.
Workaround: There is no workaround.
• CSCul38081
Symptom: In a scaled environment, when a preferred path configuration is removed and is followed by a RP switchover the pseudowire interfaces goes down. The psudowire interface comes up if we add the preferred path or just remove and add the neighbor statement.
Conditions: This symptom is not observed under any specific conditions.
Workaround: There is no workaround.
• CSCul43587
Symptom: ucode crash.
Conditions: on removing at cgn mode.
Workaround: There is no workaround.
• CSCul47135
Symptom: On Cisco ASR 1000 routers, services are not removed or applied from the active subscriber sessions when CoA is sent from the radius server. The router sends wrong values in response to the CoA request packet.
Conditions: This symptom occurs when 15.2(20130918:081157) is run.
Workaround: There is no workaround.
• CSCul48822
Symptom: While provisioning an ISG IP Subscriber session it is possible to leak an ESS segment chunk (IOSXE ESS SEG).
Conditions: The memory leak may occur when there is an error provisioning an ISG IP subscriber session.
Workaround: There is no workaround.
• CSCul48865
Symptom: Some static vrf nat entries which are stored in the startup-config don't appear in the show running.
433Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: After reloading the router.
Workaround: N/A. Once hitting the symptom, reconfigure those nat entries.
• CSCul50570
Symptom: Ucode crash followed by cpp crash while scaling to 500 MLPoA bundles PTA.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul51296
Symptom: Connections timed out after RP switchover.
Conditions: The symptom is observed when connection reset after RP switchover. Not able to establish new connections.
Workaround:Re-enable Service Context. Problem happens in about 1 in 10 RP switchover on ESP20. This had not been with other ESP so far.
• CSCul54111
Symptom: This issue causes the ESP to crash while applying QoS Model F. The issue occurs with both small and scaling configuration. The problem occurs all ESPs including ISR and CSRs.
Conditions: The problem occurs with both small and large configurations. It is timing related as it occurs after running asynchronously in which case the code executes the deferral path which was not clear the event processing flags upon completion. When these flags are not cleared, the code treats the condition as fatal; hence the ESP crash.
While Model F is understood to be impacted by this problem it is conceivable this issue could occur with any configuration where the target interface handle for the policy is different from the parent interface handle, e.g. vlan queue on a GE interface.
Model F Sample Configuration:
policy-map grandparent class class-default shape average 10000000
class-map match-all p0 match precedence 0 class-map match-all p1 match precedence 1 class-map match-all p2 match precedence 2
policy-map child class p0 priority police cir 2000000 class p1 bandwidth remaining ratio 10 class class-default bandwidth remaining ratio 1
policy-map parent class class-default shape average 10000000 bandwidth remaining ratio 1 service-policy child
434Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
The parent policy would typically be applied on a session on the vlan. The issue would typicall occur when the grandparent policy is processed on ESP.
Workaround: There is no workaround.
• CSCul55038
Symptom: In mpls-vpn scenario, when the size of packet coming from core network is bigger than mtu set on CE facing interface, the expected ICMPv6 TOO_BIG fail to return.
Conditions: The symptom is observed when 1. packet is bigger than mtu on CE facing interface. 2. the packet comes from core mpls network and try to go through CE facing interface. 3. the issue is found on PE in mpls-vpn scenario.
Workaround: Enable IPv6 on core facing interface, which is receiving the mpls packet to CE.
• CSCul55180
Symptom: Crash @ fmanrp_fnf_monitor_update seen on ASR1K - RP1 setup after reload.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul58940
Symptom: Consumed packets may be incorrectly traced when drop tracing is enabled.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul60101
Symptom: Possible tail drops at lower than expected data rate on an interface following a interface rate change.
Conditions: When the data rate of a interface is increased, the recalculated default queue queue-limit was not always applied. This problem only occurs on data rate increases, updated queue-limit is applied correctly if the data rate is reduced. This issue is mainly applicable to interfaces with no output QoS queuing policy applied.
In addition this issue is specific to interfaces where the bandwidth can change dynamically such as MLPPP, MLFR, and Aggregate GEC interfaces as links are dynamically added and removed from the bundle interface. Can also occur with other interface types such as ATM PVCs, Serial, and ethernet should the user reconfigure the interface data rate.
Workaround: For interfaces where the user can configure the interface speed, if possible configure a higher interface data rate and then reconfigure with the intended lower interface data rate. For interfaces types whose data rate can be changed dynamically (i.e. bundle type interfaces).
• CSCul61683
Symptom: Error messages similar to below may be displayed on the console due to stale stats usage:
435Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: ZBFW SYN cookie counter shows positive number although the real number of half open sessions have dropped to zero. Since the counter is used to trigger SYN cookie once it is over the configured limit, this is causing the SYN cookie protection to always kick in regardless of the real situation, which drags down the network performance.
Conditions: SYN cookie feature needs to be configured, and it is configured to protect per VRF or global number of half open sessions. The counter error only happens under some race condition which needs particular and supposedly high traffic load to trigger.
Workaround: Disable the SYN cookie. The counter problem only happens under certain corner case. When the counter goes wrong, the SYN cookie protection logic could be triggered erroneously.
• CSCul64664
Symptom: After VC goes down, the packets are received on xconnect interface are leaked.
Conditions: This symptom is observed when VC goes down -Unicast packet with TTL>=2 are received on that xconnect interface -When having the route for the destination of the unicast packets.
Workaround: Remove the route from the routing table -apply an ACL to deny these leaked packets.
• CSCul67310
Symptom: ASR1K microde crash with either of the following errors
Conditions: This issue ONLY affects on ASR1002x and ASR1K RP2/ESP100 based platforms running 15.2(4)S, 15.3(1)S, 15.3(2)S, 15.3(3)S, and 15.4(1)S based images. This issue can occur on platforms with scaled sub-interface or broadband session configurations when the number of sub-interfaces or sessions on a interface is reduced from > 4000 to less than 4000 and moderate to heavy traffic flow is occurring at the time that the sub-interface or session count is reduced. If the the ASR1K is operating below this threshold or above this threshold this issue is not seen.
Workaround: There is no workaround.
• CSCul68308
Symptom: CPUHOGs will be observed on the system.
Conditions: When Ethernet line card is configured scaled QinQ configuration with inner vlan as a range with and without custom classification configuration, during Reload of linecard or Shut & no Shut of interface causes CPUHOG on the Linecard.
Workaround: Instead of using single sub interface with Range of inner vlan, divide this inner vlan into multiple ranges and configure multiple subinterfaces on the same interface.
• CSCul68429
Symptom: FP crash while testing PPoE sessions.
Conditions: Applying nat settings to CGN mode.
Workaround: There is no workaround.
• CSCul70378
Symptom: .Ping from peer PE with packet more than 9216 bytes over MPLSomGRE tunnel, 1002X kinpin crash.
Conditions:
1. only kinpin crash; ping from kinpin, 1002F no crash;
2. if both PES(1002X and 1002F) are running MCP latest image, no crash;
436Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
3. crash only when kinpin running MCP lastest image, the peer PE 1002F running old image(perhaps the image before 1029, without fix of CSCui64579);
4. two PEs are connected directly(no switch), and jumbo MTU is enabled on core faced interface;
5. ping packet size more than 9216 over MPLSomGRE tunnel from peer PE;
Workaround:
1. use asr1k for both PE, and running latest image;
2. or, do not enable jumbo MTU on core faced interface;
3. or, do not ping packet size over 9216 from PE to peer PE;
• CSCul70833
Symptom: Byte-based queue-limit does not work correctly when fair-queue is configured.
Conditions: -Using fair-queue feature simultaneously. The issue can happen on ASR1k. The issue is found on 15.3(3)S.
Workaround: Use packet-based queue-limit instead of byte-based queue-limit.
• CSCul71193
Symptom: counter is wrong.
Conditions: RAU traffic.
Workaround: There is no workaround.
• CSCul80160
Symptom: Ucode crash while disabling flow entry.
Conditions: With nat outside mapping.
Workaround: There is no workaround.
• CSCul81725
Symptom: cpp_cp_svr on ESP crashes.
Conditions: When configuring MLPoEoPTA, the control plane events generated to the data plane cause the data plane to crash if the events are generated in a certain order. This is highly dependent upon timing between the control plane and data plane.
Workaround: There is no workaround.
• CSCul81777
Symptom: On an ASR1000 series router, the ESP can crash when packet trace is enabled.
Conditions: Conditional debug and packet-trace is enabled.
Workaround: There is no workaround.
• CSCul83097
Symptom: "dot1q tunneling ethertype 0x88A8" CLI will work for port-channel, which crashes FP. This CLI is not supposed to work for port-channel on ASR1k.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCul83474
Symptom: ESP crash.
437Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: This symptom is observed when executing "no ip cef load-sharing algorithm include-ports destination" with high throughput about 10Gbps.
Workaround: There is no workaround.
• CSCul86211
Symptom: When LNS power-offs while the sessions keep on establishing at LAC, LAC finds the l2tp db memory exhausted after sometime. Due to this it failed to update the session in DB and during this period crash is observed.
Conditions: Crash is observed when LAC tries to add l2tp session in DB and failed to do so. In order to handle this error condition LAC frees the l2tp and l2x session twice. This double free is the reason for crash.
Workaround: There is no workaround.
• CSCul93292
Symptom: Ucode crash with alg traffic when there is flow passing through physical interface with nat configuration vasi interface with nat configuration in the same box.
Conditions: Ucode crash with alg traffic.
Workaround: Disable all the algs
• CSCul93523
Symptom: CPP 0 failure Stuck Thread(s) detected
Conditions: Setting up about 2.2kps traffic with both nat/non-nat packets.
Workaround: There is no workaround.
• CSCul94622
Symptom:On an ASR router with ct3 SPA, Malloc Failures and SPA F/W download failures are seen.
Conditions: SPA should have many channels configured (> 50 % of its max capacity) and SPA soft reload is done.
Workaround: There is no workaround.
• CSCul96767
Symptom: Add IPSLA dataplane timestamping support
Conditions: On Nightster.
Workaround: There is no workaround.
• CSCul98774
Symptom: ASR1K DSP MIB "cdspCardObjects" are not working after the RP2 switchover happens for various reasons.
Conditions: When RP switch over happens.
Workaround: workaround is to do a hw-module stop/start on the SPA-DSP cards.
• CSCul99801
Symptom: Following tracebacks may be seen:
002529: Nov 28 10:53:45.898 UTC: L2TP-3-ILLEGAL _____:_____:________:ERROR: L2TP session, no L2X
Root cause is L2TP sessions being torn down at the moment the session is being renegotiated.
This is a very corner case and should remain very rare.
Tracebacks are harmless in this case. (As the L2TP session was being torn down anyway)
Conditions: * Seen on IOS XE 3.10.1
Workaround: There is no workaround.
• CSCum02221
Symptom: Memory Corruption crash: chunk accessing past redzone
Conditions: while running BGPv4 codenomicon suite; BGP receives an update with repeating valid attributes with flag lengths bigger than data in the packet.
Workaround: There is no workaround.
• CSCum02329
Symptom: Try to configure MPLS MTU on an interface that will not be programmed.
Conditions: When we configure MPLS MTU on an interface, MPLS MTU value is not programmed in the hardware and a packet larger than mpls mtu value is also allowed and doesn't get dropped.
Workaround: Use IP MTU or interface mtu instead of MPLS MTU.
• CSCum04298
Symptom: EVFC check is not working.
Conditions: With Priority traffic.
Workaround: There is no workaround.
• CSCum04414
Symptom: 20 VRFs, 5000 v4 mroutes and 5000 v6 mroutes per VRFs. mLDP based MVPN.
shutdown the physical interface of ingress PE. Ingress PE reload due to PD issue.
Conditions: There is no condition.
Workaround: There is no workaround.
• CSCum07119
Symptom: Router generates tracebacks or crashes depending on platforms when 'show application ip route' command is used concurrently with application route deletion.
439Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: show application ip route command is issued when JAVA onePK SDK is handling route replace operations
Workaround:
1. Use 'show ip route' to display the application routes and not 'show application ip route'.
2. Use onePK GET ROUTE API to get the status of application added route
3. Use 'show application ip route' only when there is no route delete is in progress
• CSCum09702
Symptom: OSPF neighbors can not establish FULL adjacency over dmvPN tunnels.
Conditions: This symptom is observed when dmVPN with OSPF is configured on IOS-XE platforms.
Workaround: There is no workaround.
• CSCum10676
Symptom: Router crashes during multicast replication.
Conditions: There are no known conditions.
Workaround: Following is the config to change the age timers. You can adjust this age time based on their requirement. ARP aging time config:
------------------- ASR(config)#int BDI164 ASR(config-if)#arp timeout ? <0-2147483> Seconds ASR(config-if)#arp timeout 1800 ASR(config-if)#end MAC aging time config: ------------------- ASR(config)#bridge-domain 164 ASR (config-bdomain)#mac aging-time ? <30-3600> Aging time in seconds, default 300 seconds (or 1800 seconds for overlay bridge domains) ASR(config-bdomain)#mac aging-time 1810
This problem will happen if the MAC entry is age out before the ARP entry of the given Host. So, if we configure the MAC age, slightly more than ARP age, then, the crash does not occur.
• CSCum13126
Symptom: After initiating an RP fail-over either through redundancy force-switchover or by using test crash, MLPPP interface remains down though T1's are up. Either shut/no shut of 1 of the member links or clear ppp all brings the MLPPP interface back up.
Conditions: Trigger: RP fail-over seems to be the Trigger, apart from which there do not have to be any associated config changes made.
Workaround: There is no workaround.
• CSCum22612
Symptom: Since the ASR fails to send MM6 [being a responder] in the absence of a valid certificate, IKE SAs start leaking and hence get stuck in MM_KEY_EXCH state. Multiple MM_KEY_EXCH exist for a single Peer on the ASR, however the Peer does not retain any SAs for ASR in this case.
Along with CAC for in-negotiation IKE SAs, these stuck SAs block any new SAs or IKE rekeys even after renewing the certificates on the ASR.
Conditions: ASR acting as IKEv1 termination point [sVTI for example] and is a responder.
IKE authentication mode is RSA-SIG [Certificates].
On the ASR, the ID-Certificate is either Expired or Not-present for a given sVTI tunnel
The ASR also has a IKE in-negotiation CAC of a certain value.
Example:
440Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
crypto call admission limit ike in-negotiation-sa 30
Workaround:
1. Manually delete stuck SAs by using:
clear crypto isakmp 12345
.. where 12345 is conn_id of a stuck SA.
Repeat this for each stuck SA
2. Temporarily increase CAC to accommodate new SA requests:
crypto call admission limit ike in-negotiation-sa 60
• CSCum23619
Symptom: No counter to show the ATM VC IFM call out and response
Conditions: ATM VC IFM call
Workaround: There is no workaround.
• CSCum25232
Symptom: ASR1K will fail to verify a message that is signed using a non-standard RSA key length (2024 for example). The failure is commonly seen during SCEP enrollment or when validating a peer certificate when RSA-SIG is used for phase 1 authentication.
Conditions: The failure has been observed on ASRs using an integrated ESP.
Workaround: There is no workaround.
• CSCum27490
Symptom: after reload, the tunnel traffic is not passed
Conditions: you have tunnel configured, and also have config with:
configure ip cef accounting per-prefix non-recursive
Then, reload the device. After the system is up again, you may find the tunnel traffic is not working.
Workaround: after reload,
Then, you have two options:
1. delete previous tunnel and re-config the same one
2. add a new tunnel with the same tunnel source as previous tunnel , then delete this new tunnel intf. After this config, everything will be recovered.
• CSCum35386
Symptom: The AVC Sum Duration metric is incorrect on the Utlra platform.
Conditions: AVC Sum Duration metric is enabled via one of the AVC / EzPM tools (e.g. ART), and is assinged to an interface on an Ultra plaform (however it works fine on ASR).
Workaround: There is no workaround.
• CSCum40367
Symptom: Traceback seen while adding fair queue on existing Subscriber child policy.
Conditions: This symptom is observed with background traffic flow.
Workaround: There is no workaround.
• CSCum42058
Symptom: These logs come up every 7 seconds filling up logging buffer:
441Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
001628: Jan 4 11:48:18.658 pst: UDLD-3-UDLD_IDB_ERROR UDLD errorhandling failed to get IDB subblock (rcv) interface: Gi0/0/1.100-Traceback= 1#bbfe8c0a51f338b185d077b248d1e545 :400000+13C8281:400000+662BBEC :400000+662A4DE :400000+662A36B
Conditions: Recieved an UDLD packets with VLAN tag.
Workaround: There is no workaround.
• CSCum44943
Symptom: ip mtu adjust feature should consider Ns/Nr 4-bytes sequencing field for auto calculation of vaccess mtu at LNS in the case where LAC wants to enable data packet sequencing by sending "Sequencing Required" AVP in ICCN towards LNS.
Now, the 4-bytes are not considered for the auto calculation of vaccess mtu at LNS in such a case.
Then, data packets having Ns/Nr 4-bytes sequencing fields in L2TP header may need to be fragmented after encapsulation at LNS.
Conditions: -ip mtu adjust is configured under the vdpn-group.
In a case where LAC wants to enable data packet sequencing by sending "Sequencing Required" AVP in ICCN towards LNS.
Workaround: Instead of using "ip mtu adjust" under the vpdn-group, set the mtu manually under the virtual template interface.
• CSCum48124
Symptom: Occasional crash/traceback and router reload when performing config-replace while both performance monitor/s (e.g. EzPM) and native FNF montor/s are assigned to the same interface.
Conditions:Performing a config-replace to a clean config (i.e. doesn't assign performance monitors or native FNF monitors), while there are both performance monitor/s (e.g. EzPM) and native FNF montor/s assigned to the same interface in the current running config.
Workaround: First un-assign ether or both the perfromance monitors and/or the native FNF monitors before performing the config-replace. In that case, the config-replace works ok.
• CSCum59909
Symptom: While testing ISSU from XE310<->XE312 with forwarding/security features,observing multiple features fails with both traffic and config failures followed by pendin-objects.
Conditions: Issue is seen after FP upgrade.
Workaround: There is no workaround.
• CSCum61622
Symptom: Traceback may be seen with sip/sunrpc/rtsp/rcmd/msrpc.
Conditions: scaled ALG.
Workaround: There is no workaround.
• CSCum66678
Symptom: When per-tunnel QoS is configured on a DMVPN hub, the ESP memory may become exhausted due to a memory leak. This could cause the ESP to reload.
Conditions: If there are a large number of DMVNP spokes and the spokes flap, then memory on the ESP is allocated and not freed. This could cause the memory exhaustion on the ESP and thus case the ESP to reload.
442Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: One could monitor the ESP memory usage and if it is getting low, then reboot the ESP during a mainance window. The command "show platform software memory qfp-control-process qfp act brief | inc I/F" can be used to determine if memory is being consummed due to this issue. Example:
mcp6ru-14#show platform software memory qfp-control-process qfp act brief | inc CPP I/F DB module allocated requested allocs frees ------------------------------------------------------------------------------ CPP I/F DB 128 48 5 0 <== normal condition is 5 allocs at bootup that is not freed
(one spoke flapped)
CPP I/F DB 8172 8076 6 0 <== 1 additional alloc of 8028 (2k spokes in network) - with this bug, this memory is not freed
• CSCum67637
Symptom: FP crash while clearing zone pair inspect session.
Conditions: With GTP configs in UUT.
Workaround: There is no workaround.
• CSCum74275
Symptom: In the current code expected time of the record is dependent on the start time of the first record.
As a result if there are mix and match of records from different interval, there is a possibility of expected record being changed. and the record getting dropped.
Conditions: Send records belonging to two different intervals simultaneously .
Workaround: Removing the dependency of the expected record time on start time of the first record.
Timer will look for the current interval packets and any future records will stored with the new code.
If the record time is lower than the current expected time than the record will be dropped.
• CSCum84228
Symptom: memory leak for GTP AIC req/res pool
Conditions: send GTP request message.
Workaround: There is no workaround.
• CSCum86411
Symptom: BGP performance will be slower on RP2 on 15.4(02)S release or newer images.
Conditions: Large scale BGP routes
Workaround: Use Image 15.4(01)S or older.
• CSCum88382
Symptom: BFD session not established upon RP Switchover and back
Conditions: RP switchover and switchback.
Workaround: There is no workaround.
• CSCum98137
Symptom: FP reloads due to cpp_cp process crash.
443Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: Creating a session w/QOS policy and applying a shaper on VLAN for the session where both of these events occuring at the same time.
Workaround: There is no workaround.
• CSCun00488
Symptom: Duplicate records are exported from MMA.
Conditions: set up a topolgy as below
SRC --- UUT --DST
|
collector
set the configuration at the UUT to export all the records to collector. At exporter notice duplicate records.
Workaround: There is no workaround.
• CSCun01152
Symptom: An IOS-XE router may reload unexpectedly when zone-based firewall is configured.
Conditions: Zone-based firewall is configured. May be dependent on many active MSRPC sessions.
Workaround: There is no workaround.
• CSCun02711
Symptom: observing cpp_cp_svr crash
Conditions: Interface Flap with Model4 QoS under Oversubscribe load.
Workaround: There is no workaround.
Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
This section documents the open issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S.
This section documents the unexpected behavior that might be seen in Cisco ASR 1000 Series Aggregation Services Routers Release 3.7.5S.
• CSCud94511
Symptom: Multiple Tracebacks are seen.
Conditions: Router reload.
Workaround: There is no workaround.
• CSCue61643
Symptom: When the encapsulation on pvc is aal5mux.
Conditions: Ping fails when encapsulation on pvc is aal5mux.
Workaround: Configure a different encapsulation aal2snap and make it default.
• CSCuh11621
Symptom: Nightster: Shut/No-Shut on Nightster bay0/1 causes PLIM driver Errors
Conditions: None.
444Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: There is no workaround.
• CSCuh18853
Symptom: The performance of a TFTP file transfer to/from an ASR1K running XE37 has severly decreased compared to older releases (e.g. XE 2.6.2).
Conditions: is has been observed on an ASR1K running XE373.
Workaround: There is no workaround.
• CSCui15609
Symptom: IDBINDEX_SYNC-4-RESERVE errors and IDBINDEX_SYNC-3-IDBINDEX_ENTRY_MISMATCH errors logging.
Conditions: While unconfiguring vrf vpn on spoke router of DMVPN.
Workaround: There is no workaround.
• CSCui64579
Symptom: ping failed with packet size over 10184.
446Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: MPLS mtu max enabled for MPLSomGRE tunnel
Workaround: Disable MPLS mtu max.
• CSCuj46462
Symptom: Local PBR route-map counter are double the packets sent on ASR1K
Conditions: None.
Workaround: There is no workaround.
• CSCul37377
Symptom: ESP crashed when receiving packets with 10 stacked labels
Conditions: None.
Workaround: There is no workaround.
• CSCul97328
Symptom: FP40: FPM IP packets not displayed in "show log" on XE311.
Conditions: None.
Workaround: There is no workaround.
• CSCum73080
Symptom: Traceback seen while doing a 'default range' on the control, data and InterLink interfaces on a RG Active Router.
Conditions: Stateful HTTP / FTP traffic was being sent through the router.
Workaround: Do a default on all the interfaces one by one instead of doing 'default range Gig x - y'.
• CSCuh62666
Symptom: All packets punt to RP for GEC interface.
Conditions: Config and remove ethertype for GEC interface.
Workaround: There is no workaround.
• CSCtz50465
Symptom: ISSU between incompatible images goes through.
Conditions: This happens for images between ISSU-break.
Workaround: There is no workaround.
• CSCub87409
Symptom: Memory leak in oom.sh process RP and FP.
Conditions: None.
Workaround: There is no workaround.
• CSCuj84220
Symptom: Nightster: 10GE Eval license does not transition into In-Use status.
Conditions: None.
Workaround: There is no workaround.
• CSCul17693
447Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: On the ASR1000 platform family, CISCO-ENHANCED-MEMPOOL-MIB & CISCO-MEMORY-POOL-MIB show lsmpi_io pool with little free memory. As a result, various SNMP management software applications may generate an error/notification.
Conditions: This condition is shown from the moment the router boots up.
The lsmpi_io pool is used on the Route Processor of all ASR1000 routers. Unlike other IOS versions IOSd on the ASR is a process running on IOS XE. IOSd has a single logical interface which communicates to IOS XE. This interface is called the Linux Shared Memory Punt Interface (LSMPI). When the ASR1000 boots the lsmpi_io pool is created and nearly all of the memory is allocated up front by design. Therefore, the little free memory shown in the MIBs is by design and does not indicate an error condition.
The LSMPI interface is described further in this document:
http://tools.cisco.com/squish/b64AB
Workaround: There is no workaround for the lsmpi_io pool having little free memory. If some other piece of software is generating alarms for this reason the management software needs to be adjusted.
• CSCty54912
Symptom: chunk sibling memory failure.
Conditions: Left the testbed idle for more than 10 hrs.
Conditions: when clear radius proxy + dhcp sessions.
Workaround: There is no workaround.
• CSCum79612
Symptom: RADIUS(00000030): Send CoA Ack Response to x.x.x.x:41447 id 250, len 710
<snip> RADIUS: ssg-account-info [250] 79 "service-name;946;41791249308;37024;98648;2170218;130964086" <= this is the value for downstream bytes and not as document here for upstream:http://www.cisco.com/en/US/docs/ios/ssg/configuration/guide/ssg_radius_prof_attr_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055577.
Conditions: ASR1k is configured to function as an ISG.
Workaround: The admin can change the evaluation of these down-/upstream bytes on the portal server
g= <1;servicename;elapsed-time in seconds;username;downstream packets;upstream packets;downstream bytes;upstream bytes>.
• CSCud94511
Symptom: Traceback appeasrs in UUT.
Conditions: Unconfiguring firewall configs from UUT.
448Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: There is no workaround.
• CSCum22245
Symptom: Description:
1. Observing following DSP Errors
Dec 5 11:40:08.340 IST: %DSP_SPA-3-BUFF_FAIL: SIP0/1: Not Enough MEM Buffers at dsp receive
Dec 5 11:40:27.774 IST: %FARM_DSPRM-6-CALLDROPINFO: dspfarm active calls on this card dsp 2 channel 12 will be dropped.
2. Observing following memory leaks
ASR_1006#show memory debug leaks summary
Adding blocks for GD... lsmpi_io memory Alloc PC Size Blocks Bytes What Processor memoryAlloc PC Size Blocks Bytes What 0x73AC2C6 0000001492 0000000501 0000747492 DSMP0x740E000 0000000268 0000000028 0000007504 dsp_interfaceAlloc PC Size Blocks Bytes What0x740E000 0000000324 0000000172 0000055728 dsp_interfaceTracebacks:ASR_1006#show memory traceback totals-Traceback= 1#5b598b1360a2e5028a2d474cd717da72 [2] :400000+6FAC2C6 :400000+6FAC192 :400000+70089B2 :400000+6EE3088 :400000+6F6A920 :400000+705AD3D :400000+70596BD :400000+6F1F667 :400000+6F1F150 (529519 seen)Holding: 506864 Num of blocks: 338 Peak Holding: 1294872-Traceback= 1#5b598b1360a2e5028a2d474cd717da72 [1] :400000+700E000 :400000+6F6A26B :400000+705AD3D :400000+70594E7 :400000+6F1F667 :400000+6F1F150 (289981 seen)Holding: 111992 Num of blocks: 350 Peak Holding: 275720-Traceback= 1#5b598b1360a2e5028a2d474cd717da72 [3] :400000+6FAC2C6 :400000+6FAC192 :400000+70089B2 :400000+6EE3088 :400000+6F6AC9A :400000+705AD3D :400000+70596BD :400000+6F1F667 :400000+6F1F150 (2767 seen)Holding: 18192 Num of blocks: 12 Peak Holding: 739364
Conditions: With Contact center callflow:
3. Run Load with the following call flow
4. CPS: 30
5. Hold Time 33secs
Workaround: There is no workaround.
• CSCum51221
Symptom: Move reload log from /tmp to bootflash during performance analysis.
Conditions: None.
Workaround: There is no workaround.
• CSCuj82418
Symptom: CUBE-SP data plane forwording capacity drops.
Conditions: NNI performance test.
Workaround: There is no workaround.
• CSCuh95602
449Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: Self bound traffic dropped by firewall.
Conditions: NAT64 is configured and traffic is sent from IPv6 client (in) to IPv4 egress interface of UUT (self).
Conditions: This symptom is observed on a Cisco ASR1000 series router when
– time-based Access list Control (ACL) is configured on an interface and the
– time-based ACL is not in configured time-range.
Workaround: There is no workaround.
• CSCuj02884
Symptom: Packet drop with fragmented ipsec and nat64.
Conditions: None.
Workaround: There is no workaround.
• CSCuj09540
Symptom: ESP remains in "init, standby".
Conditions: The issue is caused by a reset due to a crash.
Workaround: Reload the router.
• CSCuj38420
Symptom: No alias interface for dynamic NAT.
Conditions: Overload configured for dynamic NAT.
Workaround: remove Overload.
• CSCuj79520
Symptom: Increased use of global addresess over time while running PAP.
Conditions: NAT PAP enabled along with vrf on outside interfaces.
Workaround: If global address pool becomes deleted, it may become necessary to clear ip nat translations or reload the CPP.
• CSCul01335
Symptom: FP may crash
Conditions: This symptom is observed on changing pap limit from 30 to 60 with traffic on
Workaround: There is no workaround.
• CSCul12835
Symptom: Crash with CGN/BPA configuration.
Conditions: IP pool was extended, single bit in BPA was set.
Not seen with 1000 users. Issue is seen with waround 8000 users.
Workaround: There is no workaround.
• CSCul65858
Symptom: GARP for the NAT-inside-global-address is sent from a non-Active HSRP router.
450Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
The problem is seen when one of the redundancy pair is reloaded and the interface comes up.
Because of the behavior, traffic loss is seen on the NAT traffic.
When receiving the GARP, active router shows the duplicate address message like below.
%IP-4-DUPADDR: Duplicate address x.x.x.x on GigabitEthernetx/x/x, sourced by xxxx.xxxx.xxxx
Conditions: None.
Workaround: There is no workaround.
• CSCul67817
Symptom: max nat translations with ACL not working.
Conditions: With PAT mapping using ACL nat limit config.
Workaround: There is no workaround.
• CSCul87051
Symptom: ASR1k running 3.7.2S
Two inside global addresses for the same inside local address.
Sufficient pool to handle one-to-one translations.
Conditions: IPv4 nat - ip nat inside source route-map <route-map> pool <pool> reversible
SIP traffic.
Workaround: There is no workaround.
• CSCum56514
Symptom: A Cisco router running IOS XE may crash and reload after generating a ucode core file and logs similar to the following:
Notice 1531: KRZ: SIP0: pvp.sh: Process manager is exiting: process exit with reload fru codeError 1530: KRZ: SIP0: cpp_cp: cpp_cp encountered an error -Traceback=Error 1529: KRZ: SIP0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69) Error 1528: KRZ: SIP0: pman.sh: The process cpp_cdm_svr has been helddown (rc 69) Informational 1526: KRZ: F0: cpp_ha: Shutting down CPP MDM while client(s) still connected Informational 1525: KRZ: SIP0: cpp_cdm: Shutting down CPP MDM while client(s) still connected Informational 1527: KRZ: F0: cpp_ha: Shutting down CPP CDM while client(s) still connected Error 1524: KRZ: F0: cpp_ha: CPP 0 microcode crashdump creation completed.
Conditions: A Cisco router running IOS XE and traffic passing through the NAT path.
Workaround: There is no workaround.
• CSCum61077
Symptom: Packets dropped while IPV4 to IPV6 translation with size above 1252.
Conditions: NAT64 on ASR1K.
Workaround: Decrease the IPV4 mtu size to 1252.
• CSCum69887
Symptom: NAT cann't handle the tcp sequence properly with LDAP ALG after pdu size changed. NAT will not handle the delta value for the right ack message but thereafter messages, which may cause mis-acked message flows between two endpoints.
451Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: Send LDAP traffic with empty comment item in LDAP ALG.
Workaround: There is no workaround.
• CSCum81447
Symptom: IPv4 fragment with non-zero offset not translated to ipv6 for nat64.
Conditions: None
Workaround: There is no workaround.
• CSCul47786
Symptom: failed to initialize qos EA with rp2 super image in mcp_cable_xos branch.
Conditions: None.
Workaround: There is no workaround.
• CSCun10918
Symptom: PPP subscribers cannot be terminated in ASR1K, due to object locked.
Conditions: EVSI Delete Errors: Out-of-Order 0, No dpidb 0, Underrun 0, VAI Recycle Timeouts 90215 =======> large number of VAI recycle timeouts
EVSI wrong dpidb type errors 0
EVSI Async Events: Total 92754, HW error 88050 =======> large number of HW errors as well.
Workaround: remove QOS of the ppp.
• CSCuh53255
Symptom: no media issue is encountered.
Conditions: By default, without "asymmetric payload full" configured, there will be no end-to-end PT negotiated. CUBE should do payload type interworking at RTP level. But right now, CUBE does not behave correctly, no media issue is encountered.
Workaround: configure "asymmetric payload full" under voice service voip -> sip
• CSCul48986
Symptom: cpuhog is seen when config lma network
Conditions: config pool ipv4 v4pool3 pfxlen 16
Workaround: There is no workaround.
• CSCul69967
Symptom: Pending issues in show platform software object-manager fp standby stats
Conditions: None.
Workaround: There is no workaround.
• CSCum95704
Symptom: iWAG doesn't handle update message received from p-GW/GGSN.
Conditions: None.
Workaround: There is no workaround.
• CSCun09973
Symptom: esp reloaded when received incorrect l2tp packet.
Conditions: l2tp packet with incorrect udp length.
452Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: DMVPN NDR drops on ASR1001 with a few feature combination in XE3.10 (FNF plays the major role in degradation).
Conditions: Compared to Version 15.3(20130416:060244) [mcp_dev-BLD-BLD_MCP_DEV_LATEST_20130416_040026-ios 179].
Workaround: There is no workaround.
• CSCui96224
Symptom: show crypto ipsec interface <interface-name> platform is listing the output of show platform software ipsec fp active interface all instead of selecting the right interface ID
Conditions: Using the new platform command.
Workaround: There is no workaround.
• CSCuj45711
Symptom: Packets from ASR with IPV6 and TBAR configurations, are not being forwarded, even though the packets are being decrypted on the ASR.
Conditions: ASR with IPV6 and YBAR enabled.
Workaround: There is no workaround.
• CSCul16548
Symptom: The 'show crypto ipsec sa peer <address> platform command may be incorrect for ESP 200 on ASR1K.
Conditions: The crypto context information will be incorrect for all the IPSec SAs programmed on crypto device 1 on an ESP 200.
Workaround: Use the 'show platform software ipsec fp active encryption-processor 1 context <context id>' command manually to get the crypto context information.
• CSCuc13721
Symptom: This is a modification on the product to adopt new secure code best practices to enhance the security posture and resiliency of the product.
This is a hardening defect and should not be made visible to customers.
Conditions: Device configured with default configuration.
Workaround: There is no workaround.
• CSCuj23729
Symptom: "uc wsapi" cannot be configured on S train platforms (juno)
Conditions: None.
Workaround: There is no workaround.
• CSCuh56746
Symptom: Crash observed when creating a zone for zone based firewalls
453Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: See when using standard or evaluation licenses.
Workaround: Apply the appropriate premium or advance license to configure zone based firewalls.
• CSCuh67020
Symptom: crash at add_zone.
Conditions: None.
Workaround: There is no workaround.
• CSCui72582
Symptom: Invalid CE table name using special characters should be rejected.
Conditions: None.
Workaround: There is no workaround.
• CSCun14279
Symptom: Traffic to and from a BDI Interface on an ASR 1000 stops.
The command 'show platform software l2fib fp active bd <BDI> unicast all' will show nothing when it should show the following:
Router#sh pla so l2fib fp active bd 2 unicast allMAC BD Nhop type Nhop Idx Flags ffff.ffff.ffff 2 olist 1026Router#sh pla so l2fib fp active mlist index 1026L2FIB Mlist entriesType Index AOM ID CPP Infoefp 1020010 aom id: 126, CPP info: 0x15929a4 (created)
Conditions: ISSU upgrade from 3.4.0 15.1(3)S2 to 3.10.0 15.3(3)S, followed by a shut / no shut of the BDI interface.
Workaround:
– Reload / Power Cycle the entire Router.
– Prior to the ISSU, remove all BDI configuration and replace it after the ISSU is completed.
– Create new bridge domains to replace misbehaving ones.
• CSCul95464
Symptom: CAC times of activation constant increment for IPv6 ND FSOL.
Conditions: None.
Workaround: There is no workaround.
• CSCum94111
Symptom: Breakup spa_generic_ngio.c and miscellaneous cleanup
Conditions: None.
Workaround: There is no workaround.
• CSCuf31885
Symptom: Users might experience slower network, specially on TCP connections. Delay in SYN/SYN ACK is reported by traffic generator.
Conditions: Heavy traffic and full AVC enabled (Config recommended by Marketing), QFP in ESP40 is higher than 7%. This can be verified by issuing the command of show platform hardware qfp active datapath utilization.
454Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: Use a less heavy AVC Config or disable AVC.
• CSCuf73907
Symptom: asr1k:elc:wrong display for EVC in "sh bd" for Ten Gig links of ELC
Conditions: None.
Workaround: There is no workaround.
• CSCun15914
Symptom: collapse contrib/openssl back to main.
Conditions: None.
Workaround: There is no workaround.
• CSCuf44203
Symptom: AFW memory corruption.
Conditions: None.
Workaround: There is no workaround.
• CSCub42703
Symptom: video_SDP_Passthru call are failing Bandwidth based on CAC.
Conditions: None.
Workaround: There is no workaround.
• CSCud32723
Symptom: [Skyrise]ASR1001: Performance degradation for IPV4-IPV4 FA and FT calls
Conditions: None.
Workaround: There is no workaround.
• CSCub72573
Symptom: encpas counter in "show crypto ipsec sa" may occasionly show incorrect value
Conditions: IPSec tunnels configured and used on the device
Workaround: There is no workaround.
• CSCui19103
Symptom: It is observed that no value is returned for an SNMP query (nhrpServerEntry) made by the SNMP server to the UUT (DMVPN Hub) in a Hierarchical DMVPN Scenario, where the HUB is an intermediate device which works as both DMVPN Hub and Spoke.
Conditions: None.
Workaround: There is no workaround.
• CSCuh81159
Symptom: XE 3.11 : Traceback seen during Xfer on CUBE.
Conditions: None.
Workaround: There is no workaround.
• CSCui80093
Symptom: CUBE not falling to FT mode for srtp-rtp call in no DSP case.
Conditions: This is seen when DSP resources are shutdown/unavailable in the router.
455Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: Configure dspfarm profile in the router if available or do not configure "media flow-around" CLI. This issue is particularly observed when Flow-around is configured for srtp-rtp call and when there are DSP resources in the router
• CSCui87426
Symptom: CUBE moving to FA with one call-leg as srtp and other call-leg as rtp which is wrong.
Conditions: This is seen in srtp-rtp call and in mid-call , inleg fallsback from srtp to rtp.
Workaround: There is no workaround.
• CSCul04900
Symptom: Hydrogen serviceability Feature crash in Xe 311 image As per crash decode snippet, serviceability/event trace code crashed
1. Trace commands enabled at common_setup section, monitor event-trace voip ccsip fsm monitor event-trace voip ccsip msg monitor event-trace voip ccsip misc monitor event-trace voip ccsip api monitor event-trace voip ccsip global monitor event-trace voip ccsip limit connections 1000 monitor event-trace voip ccsip stacktrace 8 monitor event-trace voip ccsip history enable" monitor event-trace voip ccsip history clear" monitor event-trace voip ccsip all enable"
2. By default all feature codes and log level are enabled at particular TC setup section
3. Single audio call is established, after 4 to 5 sec. crash occurred.
Workaround: Passed image :15.4(0.19)S0.4
• CSCul46066
Symptom: Hung Calls with SIP SPI with Refer Consume Load
Conditions: observing hung calls with Refer Consume CVP load test. Hung calls observed with SIP SPI
Steps to reproduce:
– Configure max connection with 3 Refer to Dial-peer & outbound dial-peer towards CVP.
– Run Load with 1000 calls for few hours.
CPS: 10CHT: 100 secsTotal Number of active calls : 750Issue observed with max-conn with multiple dial-peers
Workaround: Use dial-peers without max-conn.
456Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCuf14884
Symptom: dummy packet generation per SA does not follow configured interval.
Symptom: ASR1K does not output %XCONNECT-5-PW_STATUS: message although remote xconnect device's interface is down or up.
Conditions: This happens only remote xconnect device's interface is down or up. When ASR1K xconnect interface is down or up this does not happen.
Workaround: There is no workaround.
• CSCui09671
Symptom: GEC: recycle bundle can't keep up on Yoda platforms
Conditions: None.
Workaround: There is no workaround.
• CSCum73445
Symptom: cpp_cp_svr crash.
Conditions: Problem has been intermittently seen when tearing down bundle type interfaces such as MLPPP and MLFR.
Workaround: There is no workaround.
• CSCum90878
Symptom: Ultra HQF Perf: Eliminate extra scheduling layer/overhead from HQF cfg
Conditions: None.
Workaround: There is no workaround.
• CSCum99180
Symptom: Latency in PQ gets high under a certain traffic condition
Conditions: In the QoS scenario bellow, latency in PQ gets high in specific situation.
This issue happens when specifically shape rates <= 1Mbps
The interface is shaped as to 1Mbps with "account user-defined 24" in PARENT policy.
CHILD policy has 2 classes which is configured with "priority percent", another is configured with "bandwidth remaining"
Here is configured priority percent and the rate of test traffic in each scenario.
Two streams with different rate and frame size( Both are classified into PQ)
The Maximum Latency is greater than 1100¶Ãs.
class-pq:89% (890 kbps).DSCP pps byte Maximum Latency(¶Ãs)CS6 409 85 1100
457Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
12 64 1133
Workaround: There is no workaround.
• CSCun09640
Symptom: The following errors are seen when adding a child policy to a parent policy while configuring hierarchical QoS.
%CPPOSLIB-3-ERROR_NOTIFY: F0: cpp_cp: cpp_cp encountered an error %CPPOSLIB-3-ERROR_NOTIFY: F0: fman_fp_image: fman-fp encountered an error%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_ha_top_level_server has been helddown (rc 69)%PMAN-3-PROCHOLDDOWN: F0: pman.sh: The process cpp_cp_svr has been helddown (rc 134)
This can result in a ESP (F Fabric) reload, causing a traffic outage
*Feb 13 07:39:05.829: %IOSXE_OIR-6-ONLINECARD: Card (fp) online in slot F0
Conditions:
– An interface with a service-policy applied.
– Adding/removing child policies on the parent hierarchical policy applied to the interface.
Workaround: Remove the policy from the interface before making the changes to the child/parent policy then reapply the policy to the parent.
• CSCui35958
Symptom: GLC-GE-100FX SFP state remains Enabled even when port status admin down.
Conditions: None.
Workaround: There is no workaround.
• CSCul10111
Symptom: Loopback Led is not changing to Amber in Javelin T3E3 spa in Encap PPP.
Conditions: While performing an active RP failure during ASR1006 subpackage MDR upgrade
Workaround: There is no workaround.
• CSCuj94548
Symptom: Intermittently SCOOBY-3-SERIAL_BRIDGE_CRITICAL error observed on ASR1000-2T+20x1GE card.
Conditions: None.
Workaround: There is no workaround.
• CSCul32464
Symptom: ASR1K: ELC - Add new MB FPGA ver 1.22 bundle
Conditions: None.
Workaround: There is no workaround.
• CSCul79546
Symptom: pactrac: show fia-traced packet has unexpected unformatted output.
Conditions: None.
Workaround: There is no workaround.
• CSCum59137
Symptom: %ASR1000_SPA_ETHER-3-TCAM_VLAN_ERROR: SIP0/0: Failed to add.
Conditions: Seen at the time of port-channel config, viz shut/no shut multiple config calls are sent , hence gives error at the time of adding vlan-entry which is already added and deleting vlan entry which is already removed.
Workaround: There is no workaround.
• CSCum67150
Symptom: Ingress MAC Acct stops working after doing a no mac acc on egress.
Conditions: None.
Workaround: There is no workaround.
• CSCum70828
Symptom: SNMP Query on dot3StatsDuplexStatus is shown as unknown on SPA-5X1GE-V2.
Conditions: While testing Ether-like MIB for SPA-5X1GE-V2.
Workaround: There is no workaround.
• CSCul47786
Symptom: failed to initialize qos EA with rp2 super image in mcp_cable_xos branch.
Conditions: None.
Workaround: There is no workaround.
• CSCub00482
Symptom: 2 IKEv2 sa created on a crypto session at flexVPN Server
Conditions: system bootup with 4K activity flexVPN clients and data traffic.
459Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: There is no workaround.
• CSCui22804
Symptom: CLI: show crypto mib ike flowmib failure doesn't shows correct reason for failure
Conditions: Incorrect failure reason is shown in case when ikev2 profile is configured and shut command is issued on tunnel.
Workaround: There is no workaround.
• CSCuj73916
Symptom: Traceback seen.
Conditions: while running ISAKMP D10 suite during codenomicon testing.
Workaround: There is no workaround.
• CSCum80300
Symptom: ASR1k running XE3.10 may crash in RP on executing the CLI "show crypto session"
Conditions: More than 1000 crypto sessions and executing the cli "show crypto session".
Workaround: There is no workaround.
• CSCuh30746
Symptom: XE3.10 "show version" can not find license information
Symptom: MCP asr1k invisibility test for LI fails.
Conditions: None.
Workaround: There is no workaround.
• CSCue48471
Symptom: Currently, there is no way to detect ILAK OOB CRC error.
Conditions: None.
Workaround: So, a cli is implemented to check if we have any interrupt pending or not.
sh pl hard slot < slot num> plim statistics internal.
• CSCue92637
Symptom: Review comments for CSCue17512/CSCue93536 (Phy Interrupt Handler)
Conditions: None.
Workaround: There is no workaround.
• CSCuj36793
Symptom: Commit of CSCud71821 is causing a problem during MDR; the reload causes the cc to go offline and a rommon status of bad_rommon is shown.
460Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Conditions: None.
Workaround: There is no workaround.
• CSCuj83383
Symptom: This is not visible to customer as it prints a wrong reset cause on being reset through ELC console CLI. ELC Console is not present in production boards.
Conditions: This problem occurs when the user tries to reset the ELC through ELC console CLI.
Workaround: There is no workaround.
• CSCul09398
Symptom: Ping will not work after replacing Cu SFP with Optics SFP in the same port of ELC.
Conditions: When CU SFP was inserted, speed other than 1000 should be configured and then remove the SFP and insert Optics SFP.
Workaround: Unconfigure speed on CU SFP then remove the SFP or Reload the card.
• CSCul49981
Symptom: failed to initialize qos EA with rp2 super image in mcp_cable_xos branch.
Conditions: None.
Workaround: There is no workaround.
• CSCul80246
Symptom: FPD upgrade/downgrade, LC offline message is seen twice.
Conditions: None.
Workaround: There is no workaround.
• CSCum66182
Symptom: SNMP Query on the object dot3StatsDuplexStatus is shown as unknown.
Conditions: While testing Ether-Like MIB for ASR1000-6TGE.
Workaround: There is no workaround.
• CSCum85290
Symptom: IOSD Stack and Heap are R/W/X.
Conditions: None.
Workaround: There is no workaround.
• CSCui57809
Symptom: subscriber template cause session session teardown with no reason cause.
Conditions: None.
Workaround: There is no workaround.
• CSCuj09925
Symptom: In a PPPoE dual-stack environment, the Delegated-IPv6-Prefix is not sent to the start accounting record. The Delegated-IPv6 Prefix is logged only in the next Interim record, but this can take a long time depending on the configured update period.
Conditions: Delegated prefix allocated from an IPv6 pool which is configured via Cisco-AVPair "ipv6:delegated-ipv6-pool" in the RADIUS server.
Workaround: There is no workaround.
461Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCul38850
Symptom: Finding the actual root cause of CSCul30317.
Conditions: None.
Workaround: There is no workaround.
• CSCul97900
Symptom: IPSUB EVSI Create Error counter is incremented post churn test.
Conditions: None.
Workaround: There is no workaround.
• CSCum62975
Symptom: PPPoE session stuck in LCP,WT_ST upon establisment with CoA-LI noaction.
Conditions: None.
Workaround: There is no workaround.
• CSCui11721
Symptom: rLFA-FRR convergence time is over 50ms when primary path is ATM.
Conditions: None.
Workaround: config 3.33ms interval BFD in ATM port.
• CSCuj55984
Symptom: GetVPN crypto gdoi re-reg fails
Conditions: When active traffic and when the WAN intf flaps
Workaround: Issue "clear crypto gdoi" on UUT.
• CSCul72419
Symptom: GM doesn't process 'clear crypto gdoi ks members'.
Conditions: ASR1K GM configured with 1 GETVPN group.
GETVPN group uses client registration interface loopback.
Apply the crypto map to 2 sub-interfaces.
Workaround: There is no workaround.
• CSCul69572
Symptom: Warning messages observed when we configure 'source-interface loopback 'num' on the NVE interface.
Conditions: Issue observed whenever we configure the souce-interface command on the NVE.
Workaround: There is no workaround.
• CSCun06003
Symptom: OTV fragmentation join-interface command cannot be removed from the configuration. When the system is in this state the system fails to fragment large MTU packets.
Conditions: On a ASR1002-X running IOS-XE 03.10.01.S enable otv fragementation on a system with a dot1q sub interface as the join interface then recycle the power of the ASR.
Workaround: Replace the existing configuration.
• CSCtu43369
462Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: CFLOW ASR1K: with diff file, cflow image included un-changed functions.
Conditions: None.
Workaround: There is no workaround.
• CSCuj00564
Symptom: The PL can't add extracted fields for new protocols using ppack
Conditions: None.
Workaround: There is no workaround.
• CSCuj68160
Symptom: iosd may crash.
Conditions: on doing rpswo with avc config.
Workaround: There is no workaround.
• CSCul38819
Symptom: Crash on ASR1K with PfR enabled.
========= Exception Tracebacks ==================Exception to IOS:Frame pointer 0x7F83892D19D0, PC = 0x2BE0D68IOS Thread backtrace:UNIX-EXT-SIGNAL: Segmentation fault(11), Process = OER Border Router
Conditions: None.
Workaround: There is no workaround.
• CSCtu21992
Symptom: MLPPPoEoA: Pending AOM ack for ATM VC create on standby FP.
Symptom: Tracebacks seen after router reload in scaled PPPoE Environment.
Conditions: None.
Workaround: There is no workaround.
• CSCtt21586
Symptom: Kingpin "cc" bandwidth maxed out at 10G
Conditions: None.
463Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: There is no workaround.
• CSCtw74124
Symptom: For a slot housing the Cisco ASR1000-SIP40, or on a Cisco ASR1002-X, the output of the show platform hardware slot <slot#> plim buffer settings detail command always shows the value of Max always as “0“ in the "Fill Status Curr/Max" filed, even when the Rx buffers have been utilized.
Conditions: When the SPA Aggregation ASIC has been flow controlled by the Network Processing Unit, the buffers inside the SPA Aggregation ASIC will start filling up.
Workaround: There is no workaround.
• CSCua55528
Symptom: %SYS-3-CPUHOG Errors, and Trace backs seen while performing config replace
Conditions: Configurations are done on both ELC ports and 1 GIGE ports.
Workaround: There is no workaround.
• CSCud47058
Symptom: Committed Memory value 96% exceeds warning level 95% on 4RU ISSU SIP upgrade.
Conditions: This symptom is observed when performing a SIP ISSU upgrade in a 4RU.
Workaround: This is just a warning message. There is no impact on the functionality or the traffic.
• CSCuh36075
Symptom: NSPR: asr1k skips booting sometimes from USB after send break is initia
Conditions: None.
Workaround: There is no workaround.
• CSCuj44771
Symptom: Queue_depth value incorrect with FRR Scaling
Conditions: Queue_depth values are not getting back to the original value(0) while shuting the interface
Workaround: There are no workaround.
• CSCul25518
Symptom: Nightster: IOS and Linux mismatched detection of media size.
Conditions: None.
Workaround: There is no workaround.
• CSCul33598
Symptom: On a dual RP system such as ASR1006 and ASR1013 standby RP polls for power supply sensors along with local environment sensors.
Conditions: An ASR router with dual RPs.
Workaround: There is no workaround.
• CSCul33952
Symptom: FTP file-transfers running very slowly when source interface is management interface due to excessive check-sum failures.
Conditions: source-interface for the ftp file-transfer is management ethernet interface.
Workaround: There is no workaround.
464Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCul43601
Symptom: ASR 1RU IOS Boot time Excessive - eUSB File System Correction.
Conditions: None.
Workaround: There is no workaround.
• CSCul68223
Symptom: We saw RP CPU Spike using ASR1001/3.7.4S from "monitor platform software process rp active".
The config is very simple(the default config, almost).
When the CPU is high, the value is about 30-40%.
Conditions: None.
Workaround: There is no workaround.
• CSCul80669
Symptom: 2KP:%IOSXE-3-PLATFORM: R0/0: kernel: bullseye_i2c_ Error seen on mcp_dev
465Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: There is no workaround.
• CSCum46475
Symptom: TM VC object pending in AON
BRAA04-asr#show platform software object-manager f0 pending-ack-update Update identifier: 477862718 Object identifier: 227150073 Description: ATM PVC at ATM1/2/1.1, VCD 528, FCID 55163, Hw-FCID 65535, state 0x40608, dirty 0x0 Number of retries: 0 Number of batch begin retries: 0asr#show platform software object-manager f0 object 227150073Object identifier: 227150073 Description: ATM PVC at ATM1/2/1.1, VCD 528, FCID 55163, Hw-FCID 65535, state 0x40608, dirty 0x0 Status: Pending-acknowledgement, Epoch: 0, Client data: 0x13d55170 Issued action Update identifier: 477862718, Batch identifier: 0 Batch type: unknown Action: Create
Conditions: None.
Workaround: There is no workaround.
• CSCum73826
Symptom: Change LI ucode to use a union for 64-bit access vs. and type cast
Conditions: None.
Workaround: There is no workaround.
• CSCug60382
Symptom: NTE payload type is renegotiated as asymmetric which some device cannot support.
Conditions: Mid call late invite to trigger renegotiated and the answer in SDP from initiator has different nte payload type as nte payload from offer 200(invite) in other side.
Workaround: Remove nte payload in ACK using lua script.
• CSCuh29125
Symptom: in meetme confernece calls, the call-id/tag modification for NOTIFY work for pre-INVITE NOTIFY, but it seems does not work pre-BYE NOTIFY
Conditions: There is no known condition.
Workaround: There is no workaround.
• CSCul50470
Symptom: false pool exhaustion with route-map + dynmaic nat
Conditions: atleast two nat mapping are present.
Workaround: There is no workaround.
• CSCum03118
Symptom: A complete VRF NAT unconfiguration may take a long time (up to 1 hour or more in some cases).
Conditions: VRF-aware NAT is configured on IOS-XE based platforms.
Workaround: There is no workaround.
466Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCum49324
Symptom: 200 OK is dropped.
Conditions: 2+ contacts, ip address is to be modified.
Workaround: There is no workaround.
• CSCum68074
Symptom: many packets are dropped for NatIn2out cause
Conditions: PAT, interface overload.
Workaround: PAT pool overload.
• CSCuc59324
Symptom: Errors while executing the request platform software package clean command.
Conditions: After executing subpackage ISSU upgrade procedure, the request platform software package clean command is giving errors.
Workaround: There is no workaround.
• CSCud08001
Symptom: Copying image to the standby RP takes very long time comparing to copying same image to the active RP. For the ASR1K RP2 image, the time can be 20min vs 5 min.
Conditions: None.
Workaround: There is no workaround.
• CSCul65261
Symptom: write bus access failed with fpd upgrade
Conditions: This condition is observed during FPD bundled upgrade
Workaround: There is no workaround.
• CSCui20319
Symptom: Pending issues/ack is observed on ESP
Conditions: Must meet all following conditions:
1. When port-channel vlan loadbalacing mode is enabled on Port-channel EVC with large scale of EFPs on one port-channel (8000 in this case)
2. EFPs on Port-channel are assigned to different links.
3. When the efps and port-channel are remove using one command "no int port-channel x"
4. Then the scale config and link assignment are added back by copying back the scale config
Workaround: Separate EFP removal and port-channel link removal (remove efps, the remove int port-channel) separate EFP config and port-channel link config (add EFP first, then add links to port-channel).
• CSCul37689
Symptom: With 76xx, customer associates more service instances of each access point to the same bridge domain to create a point to point local switching.
Mac-learning in the bridge domain is disabled and therefore NOT limited by number of MAC addresses used.
For asr1k is expected to implement same behavior under this feature.
Conditions: None.
467Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Workaround: There is no workaround.
• CSCum91081
Symptom: CAM not getting flushed immediately after link flap on ASR1k.
Conditions: None.
Workaround: There is no workaround.
• CSCum99115
Symptom: ELine:Def Encap-Access intf connect to PE goes downon shut service Inst.
Conditions: None.
Workaround: There is no workaround.
• CSCue91054
Symptom: ESP crashed when sending IPv6-fragmented traffic through DMVPN hub (MGRE tunnel).
Conditions: This condition occurs when sending big IPv6 packets (need to do IPv6 fragmenation after adding tunnel header) traffic through DMVPN hub. Large amout of IPv6 fragment traffic, for example, 5G on ESP20, which exceeds re-assembly performance number that is less than 2G.
Workaround: Change MTU to avoid IPv6 fragmentation.
• CSCuh82039
Symptom: mldp: multicast data leaks into other vrfs in sparse-mode on ASR1K scale.
Conditions: None.
Workaround: There is no workaround.
• CSCui43325
Symptom: Traffic blackhole for v6 SSM groups after flapping bgp loopback interface on the egress PE
Conditions: This condition is observed during BGP loopback interface flap
Workaround: Unconfigure-reconfigure the mdt default command under the v6 address-family for the vrf
• CSCul61549
Symptom: The requirement is 7.5Mpps for nightster, but the actual is only 5.78Mpps.
Conditions: None.
Workaround: There is no workaround.
• CSCul69990
Symptom: LSPVIF missing in OIF on flapping mpls mldp for v4 traffic.
Conditions: None.
Workaround: There is no workaround.
• CSCum71765
Symptom: IGMP reports for autorp group is not punted on flapping BGP address.
Conditions: None.
Workaround: There is no workaround.
• CSCul40478
468Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: Crash was seen in periodic accounting process due to the stale reference of the attribute list with AAA accounting DB (this specific attribute list is used by the periodic accounting process for sending the interim accounting records).
Conditions: The trigger is currently unclear. Will update RN after our engineering provided me the final root cause analysis.
Workaround: There is no workaround.
• CSCul55275
Symptom: Stale shim-db entries on stby rp and same database corrupted.
Conditions: None.
Workaround: There is no workaround.
• CSCum03411
Symptom: Support for extended RTP ports.
Conditions: None.
Workaround: There is no workaround.
• CSCuj19293
Symptom: Bindings are present after inconfiguring Static NAT mappings
Conditions: This symptom is observed when static NAT is mapped with route-map
Workaround: There are no workaround.
• CSCul48593
Symptom: Active FP crashed due to stuck threads @ipv4_nat_bpa_free_port.
Conditions: None.
Workaround: There is no workaround.
• CSCum04528
Symptom: An ASR 1002-X router might crash and reload writing a core file in the process.
Conditions: ASR1002-X running NAT with ALG traffic
Workaround: There is no workaround.
• CSCun12095
Symptom: Pool exhaustion msg with 0 trans.
Conditions: unconfiguring 64 pools and re-adding 34 pools and sending traffic.
Workaround: There is no workaround.
• CSCum40972
Symptom: XE3.11 EoGRE - GTPv2 does not always authenticate session.t
Conditions: None.
Workaround: There is no workaround.
• CSCts56332
Symptom: ipsec client update platform_db items for Kingpin/FP80/FP160/Nightster.
Conditions: None.
Workaround: There is no workaround.
469Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCug19588
Symptom: IKEv2 TPS performance degradation over time.
Conditions:This occurs in the lab under extreme test conditions with traffic running during session bring-up.
Workaround: Reduce traffic and or reduce session bring-up rate.
• CSCui53563
Symptom: Crypto-Engine(h/w encryption) is inactive
Conditions: This condition is observed during rp_switchover the HUB and pass the traffic to bringup the tunnels UP
Workaround: There is no workaround.
• CSCuj55363
Symptom: In the lisp getVpn solution test, when the getvpn profile is applied in physical interface in the data path flow (such as interface between GM1 to core), the traffic got dropped with qfp error of "IpsecIkeIndicate"/"OUT_V4_PKT_HIT_IKE_START_SP" when the getvpn profile is applied to the LISP0 interface, Encrypted traffic flows in the LISP setup properly
Conditions: getvpn profile is applied to the physical interface instead of lisp interface.
Workaround: Apply getvpn profile in lisp interface.
• CSCuj67691
Symptom: Seeing performance drop with 82bytes for IPSEC dVTI feature for latest XE3.11 & mcp_dev images when compared to RLS3.8.0 & RLS3.10.0.
Conditions: None.
Workaround: There is no workaround.
• CSCul52578
Symptom: IPSec does not work properly for 1ru platform, de-capsulation feature is disabled
Conditions: None.
Workaround: There is no workaround.
• CSCum08112
Symptom: After IPsec tunnel flapping, ASR1k can't send packets over the tunnel though the tunnel seems to be established correctly.
When you encounter this problem, you can see the following syslog on the other side of IPsec.
Conditions: The "tunnel destination" and "tunnel source" are loopback interfaces.
And ASR1k has a backup route for the tunnel destination.
And the MTU of the outgoing interface of the backup route should be different from the MTU of outgoing interface of primary route.
In this situation, flapping a physical interface that is outgoing interface of an IPsec tunnel causes the symptom above.
Workaround: Making the MTU of outgoing interfaces of both primary and backup routes same can avoid this problem.
470Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Clearing SA on either end of IPsec can recover the situation.
• CSCum13378
Symptom: An ASR1K configured as an IPSec endpoint may fail to reassemble fragmented ESP packets . During this failure state, the router will also log %ATTN-3-SYNC_TIMEOUT errors.
Conditions: UDP packet of a specific size received on the clear side of the ASR is known to trigger this issue.
Workaround: Use software crypto for large packets received on the clear side by configuring post-frag encryption - crypto ipsec fragmentation after-encryption. This will prevent the ASR from getting into the ATTN_SYNC state.
• CSCum99823
Symptom: ASR1001 router FP crashed as DMVPN HUB.
Conditions: Crash happens randomly.
Workaround: There is no workaround.
• CSCun16532
Symptom: SSLVPN:disconnect from client not working
Conditions: None.
Workaround: There is no workaround.
• CSCun16538
Symptom: SSLVPN:ssl close not notified to control plane.
Conditions: None.
Workaround: There is no workaround.
• CSCue59450
Symptom: IOS XE Watchdog message seen along with RP and SIP crash
Conditions: This symptom is observed when continuous ARP request on the interface having VRF Receive configured on it.
Workaround: There is no workaround.
• CSCum81699
Symptom: ASR1000 with low memory on both the RP and ESP
Symptom: XE311 RP crashes @%SCHED-2-NOTWATCHTIMER: managed timer not being watche.
Conditions: None.
Workaround: There is no workaround.
• CSCud77672
471Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: Add per subdevice IPC queues for FP80/FP160.
Conditions: None.
Workaround: There is no workaround.
• CSCul27478
Symptom: Time sync problem between QFP and IOS.
This out of sync appears at some platforms and causes complete breakage of punt performance monitors.
Conditions: asr1002 RP1 ESP5 and asr1004 RP2 ESP20 after system reload
Workaround: ntp server configuration is must.
delay after reload was done for a system 5-40 mins.
• CSCul59422
Symptom: Pending objects seen on ATM on booting mcp_dev image.
Conditions: None.
Workaround: There is no workaround.
• CSCum49213
Symptom: ESP crash
Conditions: None.
Workaround: Use debug platform hardware qfp active datapath trace packet for short periods of time.
• CSCum93027
Symptom: ASR1k running IOSXE 3.11.0 and above crashes under the following conditions.
Conditions: Do the following in the same order:
1. Configure a sub-interface with IPv6
2. Configure OSPFv3 on the sub-interface.
3. Configure IPSec auth for OSPFv3 on the sub-interface.
4. Shutdown the sub-interface.
5. Remove the sub-interface.
Workaround: There is no workaround.
• CSCun13772
Symptom: CPUHOG messages and watchdog timeout crashes are observed on an ASR1000 series router running DMVPN.
Conditions: This has been observed on a router with a very large NHRP table (10-20k individual entries) with a very high number (thousands) of child entries per parent entry.
Workaround: Reduce the number of child entries per parent entry through the use of supernetting.
• CSCum81041
Symptom: One way audio incoming calls redirected through CVP.
Conditions: None.
Workaround: There is no workaround.
• CSCum90509
472Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: No RTP Connections for RSVP Features in XE3.7 image
Conditions: None.
Workaround: There is no workaround.
• CSCun02605
Symptom: ASR crashes ith no known trigger in CCSIP_SPI_CONTROL process
Conditions: It is an error scenario where crash occurs when router is not able to send ACK for 200 OK where branch parameters differ.
Workaround: There is no workaround.
• CSCul46792
Symptom: VC's remain down on ISSU from pre XE3.12 to XE3.12
Conditions: VPLS BGP Signalling is configured. VC's are established in the Active RP
Workaround: There is no workaround.
• CSCun09149
Symptom: PW's down on ISSU from XE3.11/XE3.12 downgrade to XE3.10.
Conditions: LDP Signalling with LDP NSR enabled.
Workaround: Disable NSR during ISSU downgrade.
• CSCun10276
Symptom: VC's remain down on ISSU from Xe312 -- > XE311.
Conditions: Issue seen after ISSU runversion.
Workaround: There is no workaround.
• CSCuj94283
Symptom: 2048K clock (unframed)mode fails to come up on MN_BITS of Nightster if we have 2 src on MN SPA.
Conditions: 2048k + synce source config must be present on 1ng.
Workaround: There is no workaround.
• CSCuc82799
Symptom: MDR:A PLIM driver has critical error TXPA1 - txmcFifoEopMapUbe
Conditions: This condition is observed during Consolidated MDR upgrade
Workaround: There is no workaround.
• CSCum86116
Symptom: IKEv2 static routes are present in the output of "show crypto ikev2 sa remote ... detail" but not in the IP routing table.
Conditions: In some cases with static tunnels, when a new IKEv2 SA is established, after a connectivity issue, the IKEv2 static routes are not present in the routing table.
Workaround: In some cases the customer may be able to manually add static routes.
473Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCua17796
Symptom: XE3.8: IOSXE-WATCHDOG: Process = Licensing Auto Update Process.
Conditions: None.
Workaround: There is no workaround.
• CSCum40181
Symptom: Router crash is seen while brining up 15k to 29K PPP ATM sessions using Profile 1b config.
Conditions: IOS image crash is seen on session flap, specifically when ANCP sessions are brought up. IOS image may also crash after HA Switch Test, and bringing up of ANCP Sessions
Workaround: There is no workaround.
• CSCue94537
Symptom: Tail drops are seen on FP 160 with HP traffic on ASR1000-2T 20X1GE Ethernet Line card.
Conditions: When ASR1000-2T 20X1GE Ethernet Line card interfaces are configured with Service-policy to classify the egress Traffic and sending 40gbps of bi-directional traffic causes Tail drop on the QFP
Workaround: Configure the Service-policy with larger q-limits. Policy-map test class prec1 priority level 1 q-limit 5000 packet More Info:
• CSCul07137
Symptom: IFCFG timeouts will happen on Reload or Shut/No shut of Scaled Vlan Port.
Conditions: Ethernet Line card with Scale QinQ having fixed outer vlan and range of VLAN configuration on reload or Shut/No shut, IFCFG Timeouts are observed.
Workaround: There is no workaround.
• CSCum52407
Symptom: $$IGNORE Code changes made to run on non-secureboot ARGUS do not work on Secureboot P2 cards.
Conditions: $$IGNORE modify existing rommon so that same code can be compiled to run on both SB and non-SB cards through a compile-time switch.
Workaround: There is no workaround.
• CSCuh60925
Symptom: IOSd will crash with the introduction of the two punt path streams with 321 and 1500 byte packets.
Conditions: Two punt path streams with 321 and 1500 byte packets and the policer set to the max. allowed of 146Kpps.
Workaround: Do not allow high traffic rates on the punt path.
• CSCul49852
Symptom: A router might see PPPoE-sessions in status WAITING_FOR_STATS (or WT_ST).
Conditions: The system is configured as BRAS aggregating PPPoEoA or -oE-sessions. The issue was seen for just specific users or possibly because of using a specific profile or service like ShellMaps and Radius.
Workaround: There is no workaround.
474Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCum00444
Symptom: Memory leaks after churning sessions (unclassified mac).
Conditions: Error condition in case of second stack (ipv4/ipv6)coming.Happening during session churn.
Workaround: There is no workaround.
• CSCtx72973
Symptom: Config-sync failiure is seen when unconfiguring the crypto gdoi group.
Conditions: Seen on HA setup.
Workaround: There is no workaround.
• CSCul14769
Symptom: SSH ver changed from 2 to 1 during upgrade/downgrade [3.4.0aS to 3.7.3]
Conditions: None.
Workaround: There is no workaround.
• CSCun00236
Symptom: MST TCNs are not sent over a port-channel access interface after an AED change.
Conditions: Dual-home AEDs at a site with port-channels used as the access links. The join or overlay interface goes down to cause an AED change.
Workaround: Use an EEM script to bounce the access interfaces (port-channels). This should cause the access switches to flush their MAC tables and redirect traffic to the new AED.
• CSCun05927
Symptom: Overlay with join interface in VRF does not come up and gives "overlay DIS not elected" message.
Conditions: Using ASR1002-X and ASR1001 there is a single physical interface to the SP. There are 2 dot1Q sub interfaces off the physical interface with one of the sub interfaces in a VRF and the other in the global table. Both sub interfaces are configured as join interfaces, each with it's own overlay interface.
Workaround: There is no workaround.
• CSCul27192
Symptom: Few thousand sessions are not synced to standby after session churn.
Conditions: None.
Workaround: There is no workaround.
• CSCum09359
Symptom: Few sessions remain stuck in "ack-wait" state after overnight churn test.
Conditions: None.
Workaround: There is no workaround.
• CSCul24025
Symptom: ASR1K crash @__be_slaComponentProcessEvent when unconfigure ip sla udp-jitter
Conditions: configure 4000 CPP timestamp IP SLA udp-jitter and then unconfig all
Workaround: There is no workaround.
• CSCtu47871
475Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
Symptom: ASR crashes without crashinfo and last reload reason as watchdog.
Conditions: Happened once and not been reproducible.
Symptom: standby RP crash @mfib_backwalk_adj_notify on doing CC reload
Conditions: None.
Workaround: There is no workaround.
• CSCuj82421
Symptom: the board will not be shutdown expectedly
Conditions: configure "facility-alarm critical exceed-action shutdown". A sensor in remote FRU exceeded the shutdown temp.
Workaround: shutdown the remote board manually.
• CSCun06172
Symptom: Non unique region names used for DSO.
Conditions: None.
Workaround: There is no workaround.
• CSCug91498
Symptom: BFD session flap.
Conditions: When large programming message send down to CPP.
Workaround: There is no workaround.
• CSCuj96470
Symptom: On performing SPA OIR with configuration of Unicast/Multicast/Broadcast storm control on 32k EFPs,fman_fp core was observed
Conditions: This issue is seen on FP100 card.
Workaround: Stop the traffic before performing a SPA OIR.
• CSCuf82128
Symptom: ASR-CUBE: Crash observed with DSMP.
Conditions: Load scenario issue is observed.
Workaround: There is no workaround.
• CSCun08855
Symptom: ASR router crash with iosd punting packet to port-channel with ERSPAN configured on the router.
Conditions: port-channel and ERSPAN configured on the router.
Workaround: There is no workaround.
476Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11.1S
• CSCuc23941
Symptom: Our SIP to H323 calls, which are strictly G.729 w/o Annex B, ceased working following the ASR1006-based SBC upgrade from 3.2.1.S.151-1.S1 to 3.4.2.S.151-3.S2. Looks like the SBC now offers G.729wAnnexB at the H323 side, which is configured to reject anything but G.729 w/o Annex B. The calls resume working upon rollback to the old code.
When offering G.729 at the H323 side the SBC must not add AnnexB unless it is being explicitly requested by the caller or as per SBC config.
Conditions: Permanent.
Workaround: There is no workaround.
• CSCum19739
Symptom: fp crash with ip nat cgn mode enable.
Conditions: config NAT pool overload , start 300cps sip traffic including NAT and non-NAT, Enable cgn mode with "ip nat setting mode cgn"
Workaround: There is no workaround.
• CSCum73773
Symptom: QFP crash
Conditions: remove ip nat setting mode and run "sh pl hard qfp ac statistics drop".
Workaround: There is no workaround.
• CSCun04417
Symptom: GTP U packet forwarding capability is downgraded.
Conditions: 1 firewall session.
Workaround: There is no workaround.
• CSCuj89036
Symptom: IOSd crashes following an OIR of an eToken.
Conditions: OIR activity on either USB port of a single eToken.
Workaround: Do not OIR an eToken.
• CSCun07772
Symptom: Router crash
Conditions: Deleting subcriber's session in Attempting state by COA script below:
#!/bin/shCISCO=$1 # brasSessionID=$2CoaSecret='secret'#clear ISG session on BRAS/bin/echo "User-Name=\"undef\",Acct-Session-Id=\"$SessionID\",cisco-avpair=\"subscriber:command=account-logoff\"" | /usr/bin/radclient -x $CISCO:1700 coa $CoaSecret
Workaround: don't use COA script for deleting subscriber's session.
• CSCul48126
Symptom: Disambiguate address in gate keeper cache.
Conditions: None.
Workaround: There is no workaround.
477Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
This section contains the following topics:
• Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S, page 478
• Open Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S, page 541
Resolved Caveats—Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
This section documents the resolved issues in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S.
• CSCtw93694
Symptom: No calls shown in show call active voice brief, however many active calls may be running.
Conditions: There are no known conditions.
Workaround: There is no workaround.
• CSCtz13023
Symptom: A crash occurs during registration in SRST mode.
Conditions: This symptom occurs during registration in SRST mode.
Workaround: This issue is fixed and committed.
• CSCtz14973
Symptom: When tunnel source pivoting is used, based on track object states with FlexVPN client, it does not change tunnel source when there is change in track object state. Instead, it only changes tunnel source subsequent due to a DPD failure. This can lead to potential one-way traffic and traffic blackholing from spoke to hub.
Conditions: This symptom occurs when tunnel sources are dynamically set using object tracking feature.
Workaround:
– Use IKE routes using config-set.
– Use RPF (reverse path forwarding) check on the spoke outside interfaces, so that when traffic arrives from a hub on a interface, and there is no route, it will get dropped, thus DPD on spoke will delete existing IKE SA and cause.
– Use periodic IKE DPD (dead peer detection) on spoke.
– Enable IKE DPD on Hub.
• CSCtz76181
Symptom: ASR1001 or ASR1002 may report the following message after booting IOS
%IOSXEBOOT-1-BOOTFLASH_FAILED_MISSING: (rp/0): Required Bootflash disk failed or missing, reloading system
478Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Conditions: This Error message is due to the internal eUSB memory device rarely not responding to the initial accesses. A reboot will address the issue.
Workaround: Rebooting the system will clear the condition.
• CSCua73834
Symptom: IOS CA issues incorrect rollover identity certificates to its clients; the rollover certificates issued will have an expiry date corresponding to the end-date of the currently active (and soon to expire) CA certificate. Thus, the rollover identity certificate will not be valid after the CA rollover takes place.
Conditions: The symptom is observed only if the clients have sent the rollover certificate request via an IOS RA certificate server.
Workaround: There is no workaround.
• CSCub14611
Symptom: %IOSXE-3-PLATFORM: R0/0: kernel: physmap-flash.0: Chip not ready
Conditions: This symptom occurs when performing redundancy force-switchover on ASR1006 (RP1).
Workaround: Reload ASR1006.
• CSCuc09667
Symptom: Router experiences crashes due to SIP due to a freed pointer in memory.
Conditions: There are no known conditions.
Workaround: There is no workaround.
• CSCuc11809
Symptom: The number if IPSec SAs on the box keeps increasing.
Conditions: This symptom occurs when IPSec eekeys occurs due to volume lifetime exhaustion.
Workaround: Turn off the volume based rekey.
• CSCuc25582
Symptom: SIP secure phones drop calls when they Hold and Resume a call to a non-secure phone.
Conditions:
– CONDITION I (tested in lab) 8945 SIP Phone Reproduce steps:
3 phone A,B,C register to secure-SRST sip phone A B, sccp phone C. A,B in encrypted mode, phone C in non-secure mode. A call B, establish a secure call. B press transfer to C. After B and C establish a non-secure call, B press transfer. then B toast display call transfered successfully!, but A and C do not establish a call. phone A and C should establish a non-secure call.
– CONDITION II (Customer scenario) Secure SRST. SIP Phones registered to the router with secure and non-secure profiles. Call Flow:
SIP Phone A (secure) ---> SIP Phone B (non-secure). A pressed Hold, Resume. SIP Phone A (secure) ---> SIP Phone C (secure) -----> Transfers call to SIP Phone B (secure). Phone A is not asked by router to stop transmitting SRTP and switch to RTP. Problem has been observed on 6941, 7962 and 8945 SIP phones.
Workaround: There is no workaround.
• CSCuc25995
479Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Symptoms: A router unexpectedly reboots and a crashinfo file is generated. The crashinfo file contains an error similar to the following:
%ALIGN-1-FATAL: Illegal access to a low address 04:52:23 UTC Wed Sep 19 2012 addr=0x4, pc=0x26309630z , ra=0x26309614z , sp=0x3121BC58
Conditions: This symptom occurs when IPsec is used. More precise conditions are not known at this time.
Workaround: There is no workaround.
• CSCuc28077
Symptom: ASR router drops IPSEC packets that are larger than the MTU and no error message is logged. Following is the error message:
%CRYPTO-4-RCVD_PKT_INV_SPI
Error messages were available in earlier releases, but in the newer XE 3S releases no logs are available for troubleshooting even during drops.
Conditions: Router A and router B act as CE access routers in an MPLS/VPN network. The command ipsec fragmentation after-encryption is enabled on router A, but platform ipsec reassemble transit is not enabled on the peer router B.
Workaround: There is no workaround.
• CSCuc29179
Symptom: ASR1k filters out the ARP requests with its own src address. This leads to ping failure between two interfaces which belong to different vrf and own same IP subnet; vrf v1 1.0.0.1/24 and vrf v2 1.0.0.2/24, for instance.
Conditions: gig0/0/0 connected b2b to another interface on same router (with VRF configured on atleast one of the interfaces).
Workaround: Configure some mac on gig0/0/0 and then unconfigure the mac.
• CSCuc31339
Symptom: Console error message similar to the following:
%ASR1000_INFRA-3-EOBC_SOCK: R0/0: linux_iosd-image: Socket event for EO0, fd 16, failed to send 1472 bytes; Resource temporarily unavailable.
Conditions: This symptom is observed when large number of features are configured.
Workaround: There is no workaround.
• CSCuc44571
Symptom: Router crash related to DNS and VRF
Conditions: This symptom is observed in ASR running IOS XE image 03.07.03.S
Workaround: There is no workaround.
• CSCuc58220
Symptom: CME not pushing agent stats fields to tftp.(logged in and out times)
Conditions: This symptom is observed when Benelli specific fields not getting pushed.
Workaround: There is no workaround.
• CSCud30442
Symptoms: On ASR1002 system, show platform hardware crypto-device context packet count does not show correctly.
480Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Workaround: There is no workaround.
• CSCud33882
Symptom: SIP phones not registering to SRST when number cli with wild card configured under voice register pool.
Conditions: This symptom occurs when you configure number cli with wild card configuration under voice register pool. number 1 900....
Workaround: Create separate pools for all the phones without wild cards.
• CSCud68778
Symptom: Reset reason is not correctly displayed for some of the IOS-XE reloads.
Conditions: This symptom is observed when IOS-XE reloads due to punt path keepalive failure.
Workaround: There is no workaround.
• CSCud69110
Symptom: IKE_CP_ATTR_SPLIT_EXCLUDE support is needed on IOS side for anyconnect client.
Conditions: This symptom is observed when you include local LAN.
Workaround: There is no workaround.
• CSCud69349
Symptom: Ipsec-MIBs:- cikeTunHistPeerLocalValue and cikeTunHistPeerRemoteValue does not return an IP address
Conditions: There are no known conditions.
Workaround: There is no workaround.
• CSCud87915
Symptom: EzVPN client cannot access the Internet over the VPN. Access to Hub internal resources works fine. The ZBF firewall on the Hub drops the encrypted ESP(udp) traffic from self to out containing reply from the host on the Internet. Log on the hub:
*Dec 28 15:34:51.189: %FW-6-DROP_PKT: Dropping udp session 8.8.8.2:0 8.8.8.1:53000 on zone-pair self-out class class-default due to DROP action found in policy-map with ip ident 0 source IP and port is incorrect.
Conditions: EzVPN client behind NAT and source port is PATed - is not udp 4500. EzVPN client reaching the Internet with u-turn on the Hub. Hub has ZBF policy from self to outside permitting VPN traffic. Hub has CEF enabled.
Workaround: Remove the ZBF policy from self to outside.
• CSCue14418
Symptom: Only single L2TP IPSEC vpn client can connect to vpn when they are behind PAT device even though NAT DEMUX is configured.
Conditions: VPN clients behind PAT device.
Workaround: There is no workaround.
• CSCue18003
Symptom: Packets drops occur when performing a ping-from an ASR1001 console with packets of large size (i.e. several kilobytes).
481Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Conditions: This issue is specific to the ASR1001 and requires a burst of data from the Control Plane to the Forwarding Plane such that internal hardware buffers are saturated. Normal processing will continue, however there will be drops when the hardware buffer is full.
Workaround: The is no workaround.
• CSCue22769
Symptom: The user should not be allowed to reconfigure an existing NAT64 dynamic mapping if the mapping has active translations.
Conditions: Issue occurs when modifying a dynamic NAT64 mapping with active translations to an overload NAT64 mapping.
Workaround: Clear the translations before modifying the mapping, or delete the mapping with a forced option before configuring overload.
• CSCue37000
Symptom: We saw again GTP-U drops for communication that should not have been dropped. Swisscom agrees that this might be related to some timers and pending PDP sessions that need to be terminated. Since local tests with mobile devices were all successful, Swisscom wants and needs to go for 24 h test to see if the GTP-U drops really lead to a service impact for mobile users. To document this issue, a SR was opened: SR 624629207 ASR1K? Release 3.7.2 -GTP?U drops due to missing pinholes All log files and a PCAP file are attached to that SR.
Conditions: There are no known conditions.
Workaround: There is no workaround.
• CSCue39456
Symptom: There is no CLI options and flags for enabling/disabling the EZchip provided debug levels.
Conditions: Popinac ELC.
Workaround: There is no workaround.
• CSCue40120
Symptom: Small packet performance for multicast traffic has unexpected dip with 03.07.01S on ESP40.
Conditions: A change made while optimizing performance for ESP80 and ESP160 was to use the internal recycle queue for the root of the replication tree instead of the leaves recycle queue used for all other nodes. Unknowingly, this resulted in a big performance impact on the ESP40.
Workaround: Small packet performance can be returned to acceptable levels by disabling MLRE with the configuration command platform multicast lre off. The downside of disabling MLRE is that large packet performance will be reduced by almost half for large packets.
• CSCue43682
Symptom: Transcoding sessions are intermittently becoming stuck after call is cleared.
Conditions: When transcoding configured in DSPfarm.
Workaround: Reload Gateway F.
• CSCue48419
482Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Symptoms: The Cisco AS5350 stops processing calls on PRI with a signaling backhaul from PGW. In the packet trace, there is no q931message from PGW. Further analysis shows that as5350 sends a q_hold (0x5)message in BSM, causing peer (PGW) to stop sending signaling traffic. However, there is no BSM_resume message or BSM_reset sent after it. Hence, PGW is stuck in this condition. There was earlier defect for CSCts75818 with similar symptoms in U-state.
Conditions: This symptom is observed due to some RUDP timing issues that cause BSM session switchover.
Workaround: Reload the Cisco AS5350 (but only when CU notices the outage). Also, shutting both Ethernet interfaces may help, but this workaround has not been tested.
• CSCue50255
Symptom: ASR1K ucode crash with interrupt cause REM_REM_MISC_ERR_LEAF_INT_INT_REM_POP_REQ_TO_EMPTY_SCHED
Conditions: Issue can be seen on when flapping a Multilink PPP or MLFR interfaces. Timing window to hit this issue is very small so not a common occurrence on a bundle flap.
Workaround: There is no workaround.
• CSCue50353
Symptom: Call failure / disconnect during Call hold seen after SSO.
Conditions: When call hold is with c-line=0.0.0.0 in flow around mode.
Workaround: There is no workaround.
• CSCue52278
RNE Enclosure Symptom: ASR cube-ent failover happens under heavy load conditions.
Conditions: This issue is caused due to glare condition while destructing an established call under heavy load.
Workaround: There is no workaround.
• CSCue52655
Symptom: No Video legs out put for DO-DO BWcac with multicodec call.
Conditions: No Video legs out put for DO-DO BWcac with multicodec call.
Workaround: There is no workaround.
• CSCue60469
Symptom: Asr1001 Series router throws error messages when a RP (IOS) switch over is done.
Conditions: Asr1001 Series router throws error messages when a RP (IOS) switch over is done along with traffic.
Workaround: There is no workaround.
• CSCue62227
Symptom: SIP PSTN gateway may delay response to BYE message at end of a T.38 call.
Conditions: Incoming call to SIP gateway goes out a PRI Call successfully switches no T.38 BYE is received by SIP gateway. 200 OK response is delayed by a few seconds.
Workaround: There is no workaround.
• CSCue68380
Symptom: CUBE fails to send options-keepalive after dnslookup.
483Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Conditions: Sending out Options works fine when Dns is configured to IPv4. When Dns is configured to resolve to IPv6 address, Dial-peer is Busied Out with out sending the Options.
Workaround: Disabling Options Keepalive.
• CSCue69906
Symptom: Video calls are failing with improper call legs.
Conditions: After doing test case specific configurations, basic call is done. while checking the call legs after call is connected improper call-legs are seen on CUBE3.
Workaround: There is no workaround.
• CSCue75072
Symptom: Consult transfer with remote optional-mandatory strength fails as SDP precondition does not match.
Conditions: This happens only for consult transfer but not for blind transfer.
Workaround: There is no workaround.
• CSCue75395
Symptom: It is very difficult to debug empty video recordings.
Conditions: For all video recording calls.
Workaround: Do packet capture.
• CSCue78517
Symptom: mem-leaks found. with eap authentication.
Conditions: flexvpn client using eap authentication. mem-leak at every clint connect
Workaround: There is no workaround.
• CSCue80506
Symptom: Traceback at DMVPN Spoke registration, DMVPN QoS policy not deployed to datapath component.
Conditions: When there is a routing issue such that the ASR1k acting as the DMVPN hub can receive spoke registrations but does not have a valid route to the spoke (i.e. the spoke's forwarding interface is Null0) and the spoke's QoS configuration include a queuing feature, then the QoS policy will fail to get applied and the ESP will be in a state that requires it to be reloaded to recover from this.
Workaround: There is no workaround, but the following actions can get the router operational again.
1. Correct routing issue and reload the ESP and/or
2. Remove the QoS queuing feature and reload the ESP
• CSCue83683
Symptom: The Agent Greeting is not played out.
Conditions: This symptom is observed with the Agent Greeting Call Flow using CVP.
Workaround: There is no workaround.
• CSCue85737
Symptoms: ASR with PKI certificate may crash when issuing show crypto pki certificate command.
484Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Conditions: This symptom is observed when the show crypto pki certificate command is issued on ASR with PKI certificate.
Workaround: There is no workaround.
• CSCue86166
Symptom: The interrupt infrastructure is in place; the user space handling of interrupt delivery to Aggregation ASIC userspace driver code is not being done correctly.
Conditions: This fixes the user space handling of interrupt delivery to Aggregation ASIC user space driver code.
Workaround: There is no workaround.
• CSCue86848
Symptom: After execution of 'show platform hardware qfp active feature mma client policy-map name <name> detail' wrong number of classes were presented in detailed view.
Conditions: FAll tools avc config.
Workaround: There is no workaround.
• CSCue89779
Symptom: A FlexVPN spoke configured with an inside VRF and front-door VRF may have problems with spoke-to-spoke tunnels if they are not the same. During tunnel negotiation, two Virtual-access interfaces are created (while only one is needed), the one in excess may fail to cleanup correctly. As a result, the routes created by NHRP process may lead to loss of traffic, or traffic may continue to flow through the Hub.
Conditions: This symptom occurs when the VRF used on the overlay (IVRF) and the VRF used on the transport (FVRF) are not the same.
Workaround: There is no workaround.
• CSCue94576
Symptom: Both outgoing RTP streams are dropped on the router interface. When looking into output, both incoming and outgoing RTP streams are clearly visible, however packet capture from the interface contains only two incoming RTP streams. What is more, router console presents the following error message:
reason-header override Leak can be seen in normal call flow if DNS configured and DNS resolution fails because of insufficient bandwidth, not able to create SDP or container.
Workaround: There is no workaround.
• CSCue99331
Symptom: if mnc code is 001, aic can not match it.
Conditions: match mcc or mnc.
Workaround: There is no workaround.
• CSCuf02551
Symptoms: TRP Sessions not found after making Basic SRTP Call.
Conditions: Router loaded with c2951-universalk9-mz.SSA.153-1.4.T.
Workaround: There is no workaround.
• CSCuf06495
Symptom: GDOI version mismatch on KS1.
Conditions: Script executing show logging | inc CTS-SGT on secp23-11 (KS1). And showing the GDOI ver as 0x13EBE8B0 but instead of this it should show 0x1000002.
Workaround: There is no workaround.
• CSCuf09056
Symptom: The traffic may not be shaped correctly resulting in more traffic to leak through or the router crashes when model 3/4 subscriber policy is applied.
Conditions: The model 3 and 4 hierarchy is built incorrectly on ESP-100/200 and ASR1002X when the subscriber policy is added after the main interface is already active.
Workaround: There is no workaround.
• CSCuf09938
Symptom: LSC installation fails if the RSA Key pair size associated with CAPF server is larger than 512 Bytes.
Symptom: Only one call leg is shown at stand by router instead of 2 call legs.
Conditions: Issue is seen in HA set up on stand by router for fax call scenario between H323 <---> SIP.
Workaround: There is no workaround.
• CSCuf25027
486Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Symptom: Substantial drop of performance. High latency and packets drops.
Conditions: Router is configured with full AVC config (NBAR,ART,QoS) and Ipsec. This issue will be seen with high traffic (more than 500mbps). Packet drops can be verified by issuing this command.
show platform hardware qfp active statistics drop clear ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- IpsecOutput 3250 3242721 Ipv4NoAdj 797 1056357 PuntErr 1 276
Workaround: Disable AVC from the interface.
• CSCuf35287
Symptom: Routes are not routed via the gateway being configured.
Conditions: Routes are not routed via the gateway being configured.
Conditions: There is no workaround.
• CSCuf39344
Symptom: In SBC-B2B, after no attach/attach an adjacency, calls rejected with 503 Service Unavailable.
Conditions:
– config vrf001 on BOX1(ACTIVE) then on BOX2(STANDBY).
– config adjacency's vrf&signaling-address and media-address ... vrf ... both refer to vrf001.
– switch-over.
– no attach/attach adjacency on BOX2(ACTIVE).
– later calls rejected with 503 Service Unavailable.
Workaround: Always add or change vrf related SBC config on the same box.
• CSCuf47227
Symptom: When the configuration option file verify auto is enabled and a local copy operation is done for a file that does not contain a signature, e.g. a log file or configuration back, the copy will fail.
Conditions: file verify auto is enabled in running configuration.
Workaround: Use copy /noverify or disable file verify auto.
• CSCuf49959
Symptom: A router may crash when the tunnel interface is flapped or while booting the router with VPN configs.
Conditions: The crash occurs in a VPN enabled scenario with either sessions being active and a shut/no shut is issued on the interface or the sessions coming up on the box after a reload.
Conditions: Observed tracebacks and traffic drop during MDR upgrade.
Workaround: There is no workaround.
487Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
• CSCuf64333
Symptom: DND does not show any status update unless you are in a hunt group.
Conditions: 6945 phone, running 9.3.3.2 and some earlier loads.
Workaround: There is no workaround.
• CSCuf73628
Symptom: Trace back is seen when user portion is missing in Req-URI or To Header URI.
Conditions: This symptom is observed in a basic call.
Workaround: There is no workaround.
• CSCuf73889
Symptom: Copper SFPs always show Half-Duplex in show interface.
Conditions: Basic copper SFP bringup.
Workaround: There is no workaround.
• CSCuf74026
Symptom: When the ipsec lifetime is changed globally it does not take effect on the ipsec session.
Conditions: Any ipsec implementation with ipsec profile.
Workaround: Unconfigure the lifetime from the ipsec profile.
• CSCuf74266
Symptom: ASR-CUBE: Crash observed with DSMP.
Conditions: Load scenario issue is observed.
Workaround: There is no workaround.
• CSCuf78556
Symptom: UPDATE is not being forwarded to UAC and it is being responded with 200OK to UAS. This issue is seen when UPDATE is received from UAS, when 18X transaction is still pending on UAC side.
Conditions: 18x response is transmitted reliably on both call-legs.
Workaround: When UPDATE is received from UAS after some delay (i.e after completion of 18X ?PRACK transaction on UAC side), then CUBE is sending the early dialog UPDATE to the UAC side correctly.
• CSCuf84655
Symptom: One-way video is seen while CUBE is trying to negotiate packetization mode=1 for H264 video codec in both the legs and one video endpoint doesn't support packetization mode=1 for H264 video codec.
Conditions: When there is DO-DO video call from a video endpoint which supports only Packetization Mode=0 for H264 video codec to a video endpoint which supports both packetization modes like 0 & 1.
Workaround: Make an EO-EO video call from the endpoint which only support packetization mode=0,so that CUBE will negotiate packetization mode=0 for both the legs and two-way video will be seen.
• CSCuf93376
Symptom: CUBE reloads while testing SDP pass through with v6.
488Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
OL-26698-25
Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S
Conditions: The symptom is observed while testing SDP pass through with v6.
Workaround: Do not use SDP pass through and use normal SIP processing call flows.
• CSCuf93460
Symptom: Certain PKI CLIs may show wrong values.
Conditions: First found on IOS 15.1(4)M6 but not exclusive to it.
Workaround: There is no workaround.
• CSCuf93471
Symptom: After a brief unavailability of LDAP CRL, no new CRL fetches can be performed. The following messages are seen on the interface: ---- Mar 28 08:23:37.988: CRYPTO_PKI: Retrieve CRL using LDAP DIRNAME Mar 28 08:23:37.988: CRYPTO_PKI: Failed to send the request. There is another request in progress. -----
Conditions: This symptom was first seen in Cisco IOS Release 15.1(4)M6. The issue is not limited to this release.
Workaround: Configure the revocation-check none command under the affected trustpoint. Reload the router.
• CSCug12136
Symptom: On an ASR1K the clock timezone command is meant to be used as follows: clock timezone zone hours-offset [minutes-offset] where zone is a text field e.g. EDT, PST, and hours-offset and minutes-offset are integers. Incorrectly adding a hyphen or a dash in the zone text field causes unintended and harmful behavior.
Conditions: One way to cause this to happen (essentially a typo) is to configure clock timezone EST-5 0 0 where one really meant to type clock timezone EST -5 0.
Workaround: If 0 is the intended offset it is probably best to simply remove the config line entirely. If 0 is not intended then correcting the typo will correct the issue. In any case the root cause of the issue is the hyphen in the text field and should always be avoided.
• CSCug14423
Symptom: A packet gets dropped when a spoke-spoke session is triggered in Dynamic Multipoint VPN (DMVPN).
Conditions: This symptom occurs when a ping is sent using a tunnel interface as the source or the destination.
Workaround: Send traffic from host-host.
• CSCug15520
Symptom: Hit an ucode crash in lisp zbfw scaling case, scaling number is 500 lisp instances, 50k eid table, 500 pair zone. The crash is hit in unconfigure fw data stage. it is reproducible.
Conditions: Unconfigure the lisp fw.
Workaround: There is no workaround.
• CSCug18685
Symptom: An NHRP resolution request is forwarded to the first NHS on the tunnel interface instead of being forwarded along the routed path.
Conditions: DMVPN phase 3 implementation.
Workaround: There is no workaround.
• CSCug19697
489Caveats in Cisco ASR 1000 Series Aggregation Services Routers Release 3.11S