Cisco Cisco IOS Software Release 12.4(4)T
824
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(15)T8
Workaround: There is no workaround. However, normal ACLs are not known to exhibit this
behavior.
behavior.
•
CSCeg25475
Symptoms: Filtering BGP routes by means of the distribute-list prefix MARTIAN in command
applied to address-family IPv4 actually filters out M-BGP routes in address-family VPNv4.
applied to address-family IPv4 actually filters out M-BGP routes in address-family VPNv4.
Conditions: This symptom occurs when MPLS-VPNs are configured.
Workaround: Use route maps to filter routes inbound.
Further Problem Description: The show ip bgp neighbors command can be used to check whether
the prefixes are actually being filtered out from updates for address-family VPNv4, and not for IPv4,
as it is configured.
the prefixes are actually being filtered out from updates for address-family VPNv4, and not for IPv4,
as it is configured.
•
CSCeg49153
Symptoms: It may take a long time for the IPSec router to detect that the CA server is down while
trying to reach it for CRL retrieval.
trying to reach it for CRL retrieval.
Conditions: This symptom is observed on a LAN-to-LAN IPSec tunnel between two routers, where
one router is configured for CRL checking.
one router is configured for CRL checking.
Workaround: The situation may be slightly improved by lowering the “tcp synwait” value, for
example: ip tcp synwait-time 5.
example: ip tcp synwait-time 5.
•
CSCei62358
Symptoms: A router may crash when a privilege-level 15 user logs in with the callback or
callback-dialstring attribute.
callback-dialstring attribute.
Conditions: This symptom is observed on a Cisco 805 that runs Cisco IOS Release 12.3(15) and on
a Cisco 7600 series that has an RSP720 and that runs Release 12.2(33)SRB1 when the following
conditions are present:
a Cisco 7600 series that has an RSP720 and that runs Release 12.2(33)SRB1 when the following
conditions are present:
–
The router is configured with AAA authentication and authorization.
–
The AAA server runs CiscoSecure ACS 2.4.
–
The callback or callback-dialstring attribute is configured on the AAA server for the user.
Workaround: Do not configure the callback or callback-dialstring attribute for the user.
Alternate Workaround: If the callback-dialstring attribute is used in the TACACS+ profile, ensure
that the NULL value is not configured for the callback-dialstring attribute.
that the NULL value is not configured for the callback-dialstring attribute.
•
CSCek55562
Symptoms: A CPUHOG may occur.
Conditions: This symptom is observed with various routing commands, including the clear ip route
command, in cases where more than 300,000 routes were learned via a single subnet.
command, in cases where more than 300,000 routes were learned via a single subnet.
Workaround: There is no workaround.
•
CSCek65374
Symptoms: The PRE3 may not parse the startup configuration.
Conditions: This symptom is observed on a Cisco router that has dual RPs.
Workaround: There is no workaround.
•
CSCek73053
Symptoms: A Cisco 181x router may crash when ipsec_cs script is tested.
Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.4(13.5)PI6.