Cisco Cisco IOS Software Release 12.2(33)SRE
1463
Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA7
OL-10394-05 Rev. R0
•
CSCsg38930
Symptoms: IP fragments may not be forwarded over an GRE tunnel when the tunnel is configured
to go through an IPSEC-SPA-2G. These IP fragments may be dropped.
to go through an IPSEC-SPA-2G. These IP fragments may be dropped.
Conditions: This symptom is observed on a Cisco 7600 series that has a Supervisor Engine 720 and
an IPSEC-SPA-2G, and that runs Cisco IOS Release 12.2(18)SXF5 when the tunnel is configured
in the following manner:
an IPSEC-SPA-2G, and that runs Cisco IOS Release 12.2(18)SXF5 when the tunnel is configured
in the following manner:
–
Path MTU Discovery (PMTUD) is enabled.
–
IPsec tunnel protection is enabled.
–
The crypto engine slot slot/subslot inside command is enabled.
The symptom may also affect other releases.
The output of the show crypto vlan command shows the VLAN that is associated with the crypto
configuration.
configuration.
Temporary Workaround: Use an ACL with an ACE and the log keyword for the specific multicast
group.
group.
Workaround: Disable Path MTU Discovery (PMTUD).
•
CSCsg46087
Symptoms: A packet with a size that is larger than 1460 bytes does not go through a GRE IPsec
tunnel even when the IP MTU for the tunnel has a size that is larger than the size of the packet (for
example, when the IP MTU is set to 1514 bytes).
tunnel even when the IP MTU for the tunnel has a size that is larger than the size of the packet (for
example, when the IP MTU is set to 1514 bytes).
Conditions: This symptom is observed on a Cisco Catalyst 6000 series and Cisco 7600 series that
are configured with an IPSEC-SPA-2G SPA when the following conditions are present:
are configured with an IPSEC-SPA-2G SPA when the following conditions are present:
–
Path MTU Discovery (PMTUD) is enabled.
–
The DF bit is set for the tunnel interface.
Workaround: Disable PMTUD.
First Alternate Workaround: Do not set the DF bit for the tunnel interface.
Second Alternate Workaround: Use a small IP MTU for the tunnel.
Further Problem Description: Enabling fragmentation on a large number of tunnels may cause some
packet loss due to fragmentation timeouts.
packet loss due to fragmentation timeouts.
•
CSCsg46761
Symptoms: A Cisco 7600 series may reload, causing a temporary service outage.
Conditions: This symptom is observed when the following conditions are present:
–
The router contains a SIP-600.
–
The SIP-600 contains a Shared Port Adapter (SPA).
–
One or more of the plugholes in the SPA do not contain Small Form Factor Pluggable (SFP)
modules.
modules.
–
You enter the show interface transceiver command at the router console.
Workaround: Do not enter the show interface transceiver command unless all plugholes in all SPAs
in the SIP-600 contain SFP modules.
in the SIP-600 contain SFP modules.
•
CSCsg85046
Symptoms: A Cisco 7600 series with a SIP-600 crashes during the boot process.