Win Hex 12.2 SR-11 serial key or number

Table Of Contents

Caveats for Cisco IOS Release 12.2(33)SRB through 12.2(33)SRB6

Resolved Caveats—Cisco IOS Release 12.2(33)SRB6

Resolved Caveats—Cisco IOS Release 12.2(33)SRB5

Resolved Caveats—Cisco IOS Release 12.2(33)SRB4

Resolved Caveats—Cisco IOS Release 12.2(33)SRB3

Resolved Caveats—Cisco IOS Release 12.2(33)SRB2

Resolved Caveats—Cisco IOS Release 12.2(33)SRB1

Open Caveats—Cisco IOS Release 12.2(33)SRB

Resolved Caveats—Cisco IOS Release 12.2(33)SRB

Caveats for Cisco IOS Release 12.2(33)SRB through 12.2(33)SRB6

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in this section.

Because Cisco IOS Release 12.2SR is based on Cisco IOS Release 12.2, many caveats that apply to Cisco IOS Release 12.2 also apply to Cisco IOS Release 12.2SR. For information on severity 1 and 2 caveats in Cisco IOS Release 12.2, see theCaveats for Cisco IOS Release 12.2document located on Cisco.com.

In this section, the following information is provided for each caveat:

•Symptoms—A description of what is observed when the caveat occurs.

•Conditions—The conditions under which the caveat has been known to occur.

•Workaround—Solutions, if available, to counteract the caveat.

Note If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Support: Tools & Resources: Bug Toolkit (which is listed under Troubleshooting). Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl. (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)

•Resolved Caveats—Cisco IOS Release 12.2(33)SRB6

•Resolved Caveats—Cisco IOS Release 12.2(33)SRB5

•Resolved Caveats—Cisco IOS Release 12.2(33)SRB4

•Resolved Caveats—Cisco IOS Release 12.2(33)SRB3

•Resolved Caveats—Cisco IOS Release 12.2(33)SRB2

•Resolved Caveats—Cisco IOS Release 12.2(33)SRB1

•Open Caveats—Cisco IOS Release 12.2(33)SRB

•Resolved Caveats—Cisco IOS Release 12.2(33)SRB

Resolved Caveats—Cisco IOS Release 12.2(33)SRB6

Cisco IOS Release 12.2(33)SRB6 is a rebuild release for Cisco IOS Release 12.2(33)SRB. The caveats in this section are resolved in Cisco IOS Release 12.2(33)SRB6 but may be open in previous Cisco IOS releases.

•CSCee19691

Symptoms: A Cisco router may crash when you enter the clear ip route * command multiple times.

Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2S or Release 12.3 and that is configured for RIP.

Workaround: There is no workaround.

•CSCej05426

Symptoms: When the standby RP functions in SSO mode and you enter the no rtr reaction-configurationoperation-number command, the standby RP is forced into RPR mode and the active RP cannot enter the configuration mode. The standby RP remains in the initialization mode. You must reload both the active RP and the standby RP to enable them to return into SSO mode.

Conditions: This symptom is observed on a Cisco 7304 when a probe is created automatically via the IP SLA "rtr mpls-lsp-monitor" commands and when you remove, reschedule, or reconfigure the probe via the no rtroperation-number, no rtr reaction-configurationoperation-number, or no rtr scheduleoperation-number command.

Workaround: Do not use the CLI to make changes to the probe. Rather, make changes to the probe via the IP SLA "rtr mpls-lsp-monitor" commands.

•CSCek50806

Symptoms: The standby RP may reload when you enter the aps revert command.

Conditions: This symptom is observed on a Cisco 7600 series that runs Cisco IOS Release 12.2(33)SRB.

Workaround: There is no workaround.

•CSCek77516

Symptoms: If AToM Tunnel Select feature is used, traffic does not flow.

Conditions: Occurs with software-based EoMPLS setup, using xconnect under switch virtual interface (SVI).

Workaround: Use one of the supported physical interface as core-facing line card. Supported line cards include SIP-200, SIP-400, SIP-600, FW2, PWAN2, ES20 and ES40.

•CSCsg00102

Symptoms: SSLVPN service stops accepting any new SSLVPN connections.

Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed.

This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix CSCso04657 and CSCsg00102.

•CSCsg49395

Symptoms: The following BIT-OUTOFRANGE error message and traceback information may be displayed:

Conditions: Occurs on a Catalyst 6500 if an SNMP walker utility sends bridge port number 0 to the switch.

Workaround: Configure the SNMP walker utility to get MIB objects starting from bridge port number 1.

•CSCsh58542

Symptoms: Crash seen when the following sequence of commands are configured on an interface:

1. ipv6 mld static/join-group group source-list acl1

2. ipv6 mld static/join-group group source-list acl2

and then a shut/no shut is performed on the interface:

acl2 is not defined

Conditions: The problem will be seen when:

1. Applying the first static-join on one group and the second on another group.

2. Applying the joins strictly in the above order, such as applying the first static-join with a valid source-list ACL and second static-join on a different group with undefined source-list.

The problem will not happen if the source-lists are defined on a single-group or all the source-lists are already defined. The problem will be seen only with above conditions when the interface is in the process of "coming-up". In this case, if the interface is up before static-joins, then this particular problem will not be seen until the interface is flipped again.

Workaround:

1. Define the source-lists ACLs first before applying the static-joins.

2. In case, if we have to configure undefined ACLs, apply them first before applying the valid source-list ACL.

•CSCsh85011

Symptoms: Router crashes.

Conditions: Occurs during IP SLA operation when the frequency is changed using the group schedule command.

Workaround: There is no workaround.

•CSCsj21099

Symptoms: IPv4 eBGP session flaps when IPv6 address family is removed from VRF configuration. IPv6 eBGP session flaps when IPv4 address family is removed from VRF configuration.

Conditions: The problem only happens with Cisco IOS images that support "vrf definition" configuration.

Workaround: There is no workaround.

•CSCsj34043

Symptoms: SIP-200 crashes several times due to a memory corruption with the following error messages:

Conditions: Occurs on a SIP-200 running Cisco IOS Release 12.2(33)SRA2 with an OC3 ATM SPA.

Workaround: There is no workaround.

•CSCsk04318

Symptoms: Under the BGP router configuration mode, removing an address-family configuration and then immediately reapplying the same configuration may cause the standby RP of a dual-RP router to reload unexpectedly. Typically, the following configuration sync error will be reported:

Config Sync: Line-by-Line sync verifying failure on command: address-family ipv4 vrf NAME due to parser return error

Removing and replacing the RD configuration under a VRF may also trigger the same type of sync error behavior, although the command listed as failing line-by-line sync will be different.

Conditions: Removal of a BGP address-family configuration triggers background cleanup processing that occurs asynchronously after the command is entered by the user. The background cleanup runs on both the active RP and the standby RP, although the cleanup may happen at different times on the active and standby. Because such background processing does not usually run in lockstep on the two RPs, a window exists after entering an address-family deconfiguration command where the active RP and standby RP are not in the same state. If the user tries to reconfigure the address-family command before both RPs have completed processing and are again in the same state, line-by-line sync may fail and cause the standby RP to reload.

Workaround: The line-by-line sync error can be avoided by allowing adequate time for the standby RP to complete background processing and arrive in an identical state as the active RP. If configuration commands are applied when both RPs are in a consistent state, the configuration sync error will not occur and the standby RP will not reload. The background processing normally happens at 60-second intervals, so waiting 2 minutes between deconfig/reconfig attempts for the same command should prevent the issue in all cases.

The line-by-line sync error and standby RP reload should not cause any service impact, as only the standby RP is affected. The active RP remains fully functional and continues traffic forwarding as usual while the standby RP reloads.

•CSCsk23972

Symptoms: A router running an IOS image may stop accepting incoming TELNET connections.

Conditions: Occurs when 20 or more VRFs are configured and they have incoming TCP connections arriving at the host for non-existing services from different VRFs.

Workaround: Use show tcp brief all command to view TCB that have local and foreign addresses as "*.*". Clear those entries using the following command clear tcp tcbaddress of the TCB.

Further Problem Description: When an incoming SYN is received for a non-existing service, for example to BGP port with BGP not configured, TCP leaks a TCB that has laddr and faddr as *.*. This TCB is usually reused for the next incoming connection.

However when VRFs are configured, such TCB can be reused only for that VRF. If there are several VRFs configured in the box, one TCB per VRF will be leaked. And there is a limit of 20 such "wild TCBs" in the system. So, once we reach the limit of 20, because we leak one per each different VRF, any connection request coming in will be denied.

•CSCsk35970

Symptom: Excessive CPU usage occurs on a router configured for BGP multipath with several iBGP and eBGP peers.

Conditions: BGP TblVer is incrementing every 5 minutes, causing the BGP router process to use maximum CPU every 5 minutes.

Workaround: None

•CSCsk48390

Symptoms: Tracebacks are seen.

Condition: Occurs when the T1 corresponding to a member link of a MLPPP bundle is unprovisioned while the link is still part of the bundle.

Workaround: Remove the member link from the MLPPP bundle and then unprovision the T1.

•CSCsk64158

Several features within Cisco IOS Software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked, transit traffic will not block the interface.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml

•CSCsl32142

Symptoms: A router may reload after reporting SYS-3-OVERRUN or SYS-3-BADBLOCK error messages. SYS-2-GETBUF with `Bad getbuffer' error may also be reported.

Condition: Occurs when PIM auto-RP is configured and IP multicast boundary is enabled with the filter-autorp option.

Workaround: Configure IP multicast boundary without the filter-autorp option.

•CSCsl57457

Symptoms: Intermediate System-to-Intermediate System (IS-IS) NSF may not work.

Conditions: Occurs when router is running a modular Cisco IOS image.

Workaround: There is no workaround.

•CSCsl58673

Symptoms: A Cisco router running IOS or IOS Software modularity may not allow telnet connections when the device is configured to run an Embedded Event Manager (EEM) policy that contains actions that use the CLI. In addition CLI actions may not correctly wait for the prompt before going on to the next action or may not detect the prompt.

Conditions: The symptom of not allowing telnet connections can occur when the device has been configured with an EEM policy to run a CLI command. When that policy exits the input buffer of the VTY way not be cleaned up properly so the next connection opened on that VTY may simply show three user name prompts and exit.

The symptom of the CLI actions not waiting for the prompt can occur when using the CLI actions on a low-end system with a slower CPU. The system incorrectly checks for the prompt only 10 times and then assumes the prompt is blank instead of waiting for a valid prompt.

The symptom of CLI actions not matching against the prompt properly can occur if the prompt has been changed from the default.

When multiple EEM policies are triggered, they can use up all available VTY lines.

Workaround: There is no workaround.

Further Problem Description: If no VTY lines are available, the user will not be able to Telnet into the machine. Console access will not be affected.

This only affects customers using the Embedded Event Manager (EEM). It affects EEM applets and policies which interact with the CLI library. This was only seen on the MCP platform however.

Cisco IOS Release 12.2(33)SRA is not affected.

Cisco IOS Release 12.2(33)SRB1 and Cisco IOS Release 12.2(33)SRB2 are not affected. But Cisco IOS Release 12.2(33)SRB3 is affected.

Cisco IOS Release 12.2(33)SRC1 is not affected.

Cisco IOS Release 12.2(33)SXF is not affected.

Cisco IOS Release 12.2(33)SXH1 is affected. Cisco IOS Release 12.2(33)SXH2 is not affected.

•CSCsm21126

Symptoms: A Cisco 7600-SSC-400 may not recover from a fabric error.

Conditions: The symptom is observed when an error is present in the fabric channel. The fabric errors can be observed by executing the command show platform hardwaressa fabric-monitor history.

Workaround: There is no workaround.

•CSCsm27071

A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS Software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:

* The configured feature may stop accepting new connections or sessions. * The memory of the device may be consumed. * The device may experience prolonged high CPU utilization. * The device may reload.

Cisco has released free software updates that address this vulnerability.

Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory.

The advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml

•CSCsm32392

Symptoms: A Cisco platform may reset its RP when two simultaneous write memory commands from two different VTY connections are executed.

Conditions: Occurs on a Cisco 7600 with Sup720. The symptom is intermittent and is related to the way NVRAM is accessed.

Workaround: There is no workaround.

•CSCsm42477

Symptoms: Standby reloads with QoS configuration.

Conditions: Occurs when the active and standby are out of sync.

Workaround: There is no workaround.

•CSCsm50317

Symptoms: Service policy counters stop updating after applying a service policy.

Conditions: The symptom is observed when applying service policy with ACL to virtual template. The policy-map counters become stuck at zero.

Workaround: Remove the policy and reapply.

•CSCsm93068

Symptoms: A large number of interfaces (10,000 or more) in a VRF might lead to long boot-up times and CPU hogs.

Conditions: The symptom is observed if there is a large number of interfaces in a VRF.

Workaround: There is no workaround.

•CSCso04657

Symptoms: SSL VPN service stops accepting any new connections.

Conditions: A device configured for SSL VPN may stop accepting any new SSL VPN connections due to a vulnerability in the processing of new TCP connections for SSL VPN services. If debug ip tcp transactions is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed.

Workaround: There is no workaround.

•CSCso35659

Symptoms: Layer 3 traffic gets rate-limited to 100pps on toggling xconnect VFI on the VLAN interface.

Conditions: VLAN (SVI) interface is configured with IP address and routes L3 packets. If xconnect VFI is applied and removed, the traffic rate falls.

Workaround: Unconfigure and clear the VLAN.

•CSCso42210

Symptoms: Following reload, controllers come up, but interfaces stay down.

Conditions: A router with HA Sup720 and non-HA Sup32 is connected with 8xCHT1/E1 SPA, 1xCHSTM1 SPA and 4xCT3 SPA in a SIP-200. Upon reloading 8xCHT1/E1 SPA alone on both sides simultaneously, 6-7 interfaces go down and never come up. They show as up/up in line card but up/down in RP.

Workaround: There is no workaround.

•CSCso56038

Symptoms: The following error message may be seen:

%DUAL-3-INTERNAL: eigrp 4: Internal Error

Conditions: This symptom is seen when a PE-CE setup using site-of-origin (SoO) tags, in which an PE router that is running EIGRP can learn the same route both by EIGRP (from a CE neighbor) and also by redistribution.

The above error may be seen when EIGRP on the PE prepares to send information to a neighbor about a route learned from another neighbor (with no SoO tag), but before the information can be sent, the route is replaced by a redistributed route (with an SoO tag). The above error can be seen. This behavior is very dependent on the timing of this series of events.

Workaround: There is no workaround.

Further Problem Description: It is not clear what functional impact this may have, or whether the error message is purely a warning.

•CSCso56196

Symptoms: Updates are not being sent or withdrawn.

Conditions: This symptom occurs when a neighbor flaps an update-group in the process of updating group generation:

PE1------UUT----PE2

On UUT there are neighbors PE1 and PE2. If PE1 and PE2 are in same update group, the show ip bgp all update-group command will show that.

Now there are a lot of updates being formatted and sent in the process. The show ip bgp all replication command would show the messages which are enqueued for sending out for particular update groups. At this moment, one neighbor goes to idle and is not coming up, then the new updates will not be formatted until the neighbor comes up.

Workaround: 1) Remove the idle neighbors of the update-group and add again. 2) Clear the IP BGP neighbor that went idle.

•CSCso67195

Symptoms: Router may crash due to memory corruption:

Conditions: This symptom occurs when PIM is enabled on an interface and access- list logging is enabled.

ip pim sparse-dense-mode

access-list 98 deny any log

Workaround: Remove access-list logging.

•CSCso71955

Symptoms: A router running Cisco IOS may experience alignment errors which are generated for every packet received on the serial interfaces and cellular interfaces. A Cisco 7600 Series router or a Cisco 6500 Series router may reload if this occurs when the traffic rate is high on a PA-POS-1OC3 installed in an Enhanced FlexWAN or similar interface.

Conditions: This is seen when netflow (ip route-cache flow or ip flow ingress) is configured on a serial interface.

Workaround: Disable netflow if possible.

Further Problem Description: A router that shows the alignment error rather than crashing can experience a significant performance impact, as every packet received on the serial interface will need to go through alignment correction.

•CSCso89550

Symptoms: The router may crash as the rxError on the active slowly increases after every few minutes. The supervisor may have a bad local fabric channel message.

Conditions: The symptoms are observed on a Catalyst 6000 supervisor module that is a SUP720 and is running Cisco IOS Release 12.2(18)SXF12a. There is no user traffic in the system, so the traffic that causes the rxError can only be the heartbeat packet or the diagnostic packet.

Workaround: Disable GOLD diagnostic tool on switches. If the two tests "TestFabricSnakeForward" and "TestFabricSnakeBackward" are disabled from running as HM tests, this issue should not be seen.

•CSCso90058

Symptoms: MSFC crashes with Red Zone memory corruption.

Conditions: This problem is seen when processing an Auto-RP packet and NAT is enabled.

Workaround: There is no workaround.

•CSCsq39180

Symptoms: Ethernet Connectivity Fault Management (CFM) packets are dropped instead of being forwarded to the Ethernet Virtual Circuit (EVC).

Conditions: This was observed under normal conditions. An EVC is configured on a SIP-400 with a SPA-5x1GE. The interface is configured for one EVC for a specific VLAN. Coming into that interface was CFM traffic from another switch.

Workaround: Reload the router.

•CSCsq60016

Symptoms: A router crashes after a long RSA key string is entered.

Conditions: This symptom is observed when a very long hex string is entered.

Workaround: Break the entry into shorter strings.

•CSCsq84670

Symptoms: ATM OC48 cell packing: No throughput for high traffic over few VCs.

Conditions: When running packed cell relay over MPLS (PCRoMPLS) with an OC-48 ATM SPA (line rate traffic divided evenly over 2 subinterface PVCs), throughput instantly goes to 0%. Once this occurs, all throughput remains blocked (even for reduced traffic levels) until the SPA is reloaded.

Workaround: A traffic level of 75% of OC-48 line rate or less divided evenly over two PVCs does not trigger the failure. Also, traffic divided evenly over more than 6 PVCs (even at an aggregate of 100% of line rate) does not trigger the problem.

•CSCsq97167

Symptoms: IP multicast traffic drops every 100 seconds.

Conditions: Traffic drops periodically on all output interfaces after stateful switchover (SSO).

Workaround: There is no workaround.

•CSCsr05746

Symptoms: ESM20 line card may crash while booting up.

Conditions: Occurs intermittently with a scaled topology.

Workaround: There is no workaround.

•CSCsr06707

Symptoms: When duplicate BGP router-id is received, BGP process does not clear the router-id correctly.

Conditions: Occurs when duplicated BGP router-id is received

Workaround: Enter the clear ip bgp command.

•CSCsr17660

Symptoms: PE-CE performance degradation of 80% on initial convergence.

Conditions: Occurs when BGP and VPNv4 are configured.

Workaround: There is no workaround.

Further Problem Description: Performance is not affected after initial convergence.

•CSCsr18073

Symptoms: When polling the IP SLA Ethernet MIB, the switch returns an incorrect value for "Destination to Source positive jitter Sum2." Instead, the switch returns the value for "Source to Destination positive jitter Sum2".

Conditions: The symptom is observed when the IP SLA Ethernet MIB is polled.

Workaround: There is no workaround.

•CSCsr27794

Symptoms: BGP does not generate updates for certain peers.

Conditions: BGP peers show a neighbor version of 0 and their update groups as converged. Out queues for BGP peers are not getting flushed if they have connection resets.

Workaround: There is no workaround other than entering the clear ip bgp * command.

•CSCsr29468

Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload.

Cisco has released free software updates that address this vulnerability.

Several mitigation strategies are outlined in the workarounds section of this advisory.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-tcp.shtml

•CSCsr50134

Symptoms: A DFC or SP module can crash when fast reroute (FRR) is enabled and there are some interface flaps or events that can cause change in FRR primary or backup path.

Conditions: Occurs when while internal statistics gathering is taking place while one of the following happens:

* primary path FRR cutover

* primary path's interface flaps

* FRR configuration is changed

Workaround: Avoid FRR configuration changes.

•CSCsr54959

Symptoms: Router crashed when removing a policy attached to a VLAN interface with a route map and access lists attached.

Conditions: Occurred on a Catalyst 4500 running Cisco IOS Release 12.2(46)SG. The device may reload unexpectedly due to a software-forced crash. Defect also affects other platforms and releases of Cisco IOS.

Workaround: There is no workaround.

•CSCsr72810

Symptoms: Unidirectional traffic is dropped when the PBR is configured with "set vrf" option between global and VPN routing/forwarding (VRF).

Conditions: Occurs under the following scenario:

- When PBR is configured with "set vrf" option between global and VRF

- The router is running Cisco IOS Release 12.2(33)SRC1.

Workaround: Configure the PBR with "set vrf" option among VRFs.

•CSCsr80601

Symptoms: An ISAKMP SA is not deleted as expected after removing the RSA key.

Conditions: The issue is seen when the user tries to clear the ISAKMP SAs by issuing the clear crypto session command on an IKE SA that has multiple IPSEC SAs.

Workaround: Use the clear crypto sa and clear crypto is commands.

•CSCsu36709

Symptoms: A router may unexpectedly reload.

Conditions: The symptom is observed specifically with a configuration of Enhanced Interior Gateway Routing Protocol (EIGRP) that is used to redistribute BGP routes. Plain EIGRP is not affected.

Workaround: Do not use EIGRP to redistribute BGP.

•CSCsu42315

Symptoms: When the L3VPN prefix uses a tunnel with fast reroute (FRR) protection, there is traffic loss during reoptimization.

Conditions: Not all prefix in the VRF will observe this issue. This is seen only when there are more than 250,000 prefixes.

Workaround: There is no workaround.

Further Problem Description: Traffic loss during re-optimization can be due to faster tunnel cleanup also. It is advisable to configure mpls traffic-eng reoptimize timers delay cleanup <seconds> to fine tune the cleanup according to the topology.

•CSCsu64215

Symptoms: Router may incorrectly drop non TCP traffic. TFTP and EIGRP traffic can be impacted as seen in CSCsv89579.

Conditions: Occurs when the ip tcp adjust-mss command is configured on the device.

Workaround: Disable ip tcp adjust-mss on all interfaces. Note that this may cause higher CPU due to fragmentation and reassembly in certain tunnel environments where the command is intended to be used.

•CSCsu67637

Symptoms: IPv6 address of loopback interface set as passive under Intermediate System-to-Intermediate System (IS-IS) router process is not present in IS-IS database.

Conditions: Issue is seen when loopback interface is set as passive under router IS-IS configuration and the IPv6 address of the interface is only added afterwards. If the passive-interface command is used when the loopback interface already has its IPv6 address configured, issue is not seen.

Workaround: After the IPv6 address is configured under the affected interface, remove and add the passive-interface configuration under the router IS-IS process.

•CSCsu81406

Symptoms: Following a processor switchover in route processor redundancy (RPR) plus mode, the SM-1CHOC12/T1-SI card on the channelized serial interfaces goes down.

Conditions: Occurs after the processor switchover in RPR plus mode.

Workaround: Use hw-module reset to solve the issue.

•CSCsu97177

Symptoms: Device may reload while querying the CISCO-IETF-IP-FORWARD (IPv6) MIB.

Conditions: SNMP must be configured on the device, and the querier must be aware of the appropriate community to use. Further, there must exist multiple IPv6 global routing tables on the device. This will only be the case if VRFs have been configured with the "vrf definition" command, and that vrf has the IPv6 address family configured, and if that VRF is applied to an interface and global IPv6 addresses configured. This can be confirmed by the existence of multiple tables marked "global" in the output of the "show ipv6 table" command.

Workaround: Exclude the CISCO-IETF-IP-FORWARD from queries.

Further problem description: Ensure that SNMP is configured so that it can only be accessed by authorized users.

•CSCsv04674

Symptoms: The M(andatory)-Bit is not set in Random Vector AVP, which is a must according to RFC2661.

Conditions: This symptom is observed with Egress ICCN packet with Random Vector AVP during session establishment.

Workaround: There is no workaround.

•CSCsv04836

Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.

•CSCsv05934

Summary: Cisco's VTP protocol implementation in some versions of Cisco IOS and CatOS may be vulnerable to a DoS attack via a specially crafted VTP packet sent from the local network segment when operating in either server or client VTP mode. When the device receives the specially crafted VTP packet, the switch may crash (and reload/hang). The crafted packet must be received on a switch interface configured to operate as a trunk port.

Workarounds: There are no workarounds available for this vulnerability.

This response is posted at: http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml

•CSCsv13243

Symptoms: Configuring Bidirectional Forwarding Detection (BFD) for a Border Gateway Protocol (BGP) neighbor that is established on a subinterface will cause the BGP session to go down.

Conditions: Occurs on a Cisco 7600 router with BGP session established on a subinterface and the subinterface is configured in "native vlan" mode while the configured BFD session is in ECHO Mode.

Workaround: Configure subinterface in "non-native" mode.

•CSCsv14963

Symptoms: A provider-edge (PE) router configured to run Multicast VPN (MVPN) will not install an alternate MDT next-hop on a route that is learned through an OSPF sham-link.

Conditions: The symptom is observed when two PEs are configured to run MVPN and create a sham-link between them. Remote routes that are learned through the sham-link will not have an MDT tunnel.

Workaround: There is no workaround.

•CSCsv16869

Symptoms: BGP updates may not be sent out.

Conditions: The symptom is observed when neighbors are flapped in a large- scale scenario.

Workaround: There is no workaround.

•CSCsv21295

Symptoms: Due to TestLoopback diagnostic failure on RSP supervisor, the interface is placed to err-disable state.

Conditions: This is seen when the interface is configured as RJ45 and with speed between 10 to 100mbps.

Workaround: Configure the speed on RJ45 interface `auto' negotiation and execute the diagnostic test TestLoopback to get the port out of err-disable.

•CSCsv21403

Symptoms: Traffic is not passed through an Ethernet Virtual Circuit (EVC) service instance.

Conditions: Occurs after configuring EVC (Ethernet Virtual Circuit) service instance. The show platform efp-client command shows no output.

Workaround: There is no workaround.

•CSCsv22930

Symptoms: When traffic engineering (TE) and fast reroute (FRR) is configured between the stitching router and provider edge (PE), traffic fails.

Conditions: Occurs when pseudowire stitching is configured.

Workaround: Do not enable FRR between these routers.

•CSCsv24179

Symptoms: Protocol Independent Multicast (PIM) neighborship is not established with SIP600 over R-VPLS.

Conditions: Occurs when more than one VC on different VLANs exists with SIP600 links as core-facing and one of the VLANs configured with PIM.

Workaround: There is no workaround.

•CSCsv24908

Symptoms: Layer 2 forwarding on other modules breaks when SIP-400 interface running eBGP and GRE flaps

Conditions: Occurs on a SIP-400 with SPA-2X1GE running BGP and GRE tunnels. Interface flaps on other modules are unable to resolve ARP or maintain routing neighbors. Issue seen on Supervisor 720 and Cisco 6748 CFC ports.

Workaround: Reload the chassis.

•CSCsv25306

Symptoms: OSPF between two customer sites over H-VPLS network with SIP600 as core facing card in the hub router fails to come up.

Conditions: This is seen with traffic engineering (TE) and fast reroute (FRR) TE/FRR setup in the hub, and when TE tunnels have dynamic path option set.

Workaround: Perform a shut/no shut on the core-facing SIP600 interface.

•CSCsv27617

Symptoms: After reloading, NetFlow stops working and the output of show ip interface shows "IP Routed Flow creation is disabled in netflow table"

Conditions: This condition is seen on WAN main interfaces of a Cisco 7600 running Cisco IOS Release 12.2(33)SRB3 and can also be seen on Cisco IOS Release 12.2(33)SRC2.

Workaround: Remove and reconfigure NetFlow on the affected interfaces.

•CSCsv28451

Symptoms: A Cisco 7600 PE router fails to redistribute a VRF prefix into BGP after the prefix or path to it flaps. The PE router will indicate the prefix being redistributed into BGP but the prefix will not get installed into the BGP table until the prefix is cleared:

Conditions: The PE router redistributing the given prefix must have a sham-link configured for the given VRF and an alternate path to the prefix must exist once the primary (sham-link) is down.

Workaround: Use the following command: clear ip route vrf vrfname <prefix>.

Further Problem Description: This problem is seen only in Cisco IOS Release 12.2(33)SRB. Cisco IOS Releases 12.2(33)SRC/SRD, etc. are not affected.

•CSCsv29659

Symptoms: RP configured inside a NAT not shown on test device outside the NAT.

Conditions: Entering the show ip pim rp mapping command fails to display the RP.

Workaround: There is no workaround.

•CSCsv30307

Symptoms: ISSU does not work from Cisco IOS Release 12.2(33)SRD to Cisco IOS Release 12.2(33)SRB5.

Conditions: When ISSU is performed from Cisco IOS Release 12.2(33)SRD image to 12.2(33)SRB5 image, ISSU is not working because of a default command introduced in 12.2(33)SRD.

Workaround: There is no workaround.

•CSCsv30540

Symptoms: The error message %SYS-2-CHUNKBOUNDSIB and traceback are seen.

Conditions: The symptoms are observed when the show running- config/write memory command is issued.

Workaround: There is no workaround.

•CSCsv36266

Symptoms: E1 and SonetVT layers are down even though serial (Upper Layer) ifOperStatus is UP.

Conditions: Occurs on serial interfaces of SPA-1XCHSTM1/OC3.

Workaround: There is no workaround.

•CSCsv38166

The server side of the Secure Copy (SCP) implementation in Cisco IOS software contains a vulnerability that could allow authenticated users with an attached command-line interface (CLI) view to transfer files to and from a Cisco IOS device that is configured to be an SCP server, regardless of what users are authorized to do, per the CLI view configuration. This vulnerability could allow valid users to retrieve or write to any file on the device's file system, including the device's saved configuration and Cisco IOS image files, even if the CLI view attached to the user does not allow it. This configuration file may include passwords or other sensitive information.

The Cisco IOS SCP server is an optional service that is disabled by default. CLI views are a fundamental component of the Cisco IOS Role-Based CLI Access feature, which is also disabled by default. Devices that are not specifically configured to enable the Cisco IOS SCP server, or that are configured to use it but do not use role-based CLI access, are not affected by this vulnerability.

This vulnerability does not apply to the Cisco IOS SCP client feature.

Cisco has released free software updates that address this vulnerability.

There are no workarounds available for this vulnerability apart from disabling either the SCP server or the CLI view feature if these services are not required by administrators.

This advisory is posted at the following link:

http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml.

•CSCsv57587

Symptoms: After online insertion and removal (OIR) of the SPA or line card holding the active Automatic Protection Switching (APS) interface, there are two active interfaces for the same APS group. During OIR, the old inactive interface becomes active and the OIRed interface also comes back up as active. The OIR interface should come up as inactive.

Conditions: The problem is seen only on ATM SPAs and is seen with both SR-APS and MR-APS configurations.

Workaround: In the case of a manual OIR, this can be prevented by entering the force APS switchover command before performing an OIR on the active.

When OIR happens due to other reasons and the problem is seen, perform a shut/no shut on one of the interface.

•CSCsv73509

Symptoms: When "no aaa new-model" is configured, authentication happens through the local even when tacacs is configured. This happens for the exec users under vty configuration.

Conditions: Configure "no aaa new-model", configure login local under line vty 0 4 and configure login tacacs under line vty 0 4.

Workaround: There is no workaround.

•CSCsv79673

Symptoms: Unicast flooding occurs for all traffic destined to VLAN SVI. MAC address for the VLAN SVI is being learned dynamically.

Conditions: Changing the VLAN SVI configuration from IP to XCONNECT and back without shutting down the interface will result in the router MAC being learned dynamically instead of being installed as static. Normal aging occurs on the dynamic MAC, resulting in unicast flooding if the MAC is removed from the MAC address table.

Workaround: Perform a shut/no shut on the affected VLAN SVI.

•CSCsv79993

Symptoms: A Cisco 7600 may crash when a distribute-list is deleted.

Conditions: Crash occurs when removing a distribute-list from EIGRP. The distribute-list was one of many that was sharing the same route-map and access-list. The crash only happens when multiple protocols have the same direction distribute-list configured on the same interface, as in the following example:

router eigrp 10

network 10.0.0.0

distribute-list 49 out Ethernet1/2.10

router rip

network 10.0.0.0

default-metric 2

distribute-list 49 out Ethernet1/2.10

Workaround: There is no workaround.

•CSCsv85791

Symptoms: Traffic out of a Frame Relay subinterface on a Cisco 7600/Enhanced Flexwan/CT3 stops randomly during normal operation. Some traffic is still going through, with delays of 5+ seconds seen using ICMP echo requests with large timeout.

Conditions: Occurs when an outbound QoS service-policy is configured on the DLCI.

Workaround: Remove the service-policy and re-add it to temporarily restore normal traffic flows.

•CSCsv86256

Symptoms: In the pseudowire stitching configuration, if fast reroute (FRR) is enabled for link or node protection at the tunnel stitching router, then end-to-end connectivity is broken.

Conditions: Problem happens only if a Cisco 7600 is the stitching-point router and has MPLS Fast Reroute enabled.

Workaround: Disable FRR at the stitching point.

•CSCsv97273

Symptoms: The SP crashes when the device receives an IP address from the DHCP server. The following error message is displayed:

Signal = 11 Vector = 0x1400

Conditions: Occurs on a Cisco Catalyst 6500 with RSP720-3C-GE when the ip verify source vlan dhcp-snooping is enabled.

Workaround: There is no workaround.

•CSCsw16698

Symptoms: New DHCP clients are not able to get IP address from DHCP server via DHCP relay on the router. Existing clients are unable to renew their IP addresses

Other Symptoms:

1.1 When we're trying to display DHCP bindings with "show ip dhcp binding" command the following message is observed:

1.2 Command "ip dhcp database" disappeared from the running configuration.

1.3 Output of "show run" is delayed.

1.4 Output of "debug ip dhcp events" show the following when a new DHCP packet is received:

2.1. This bug may also cause DHCP Snooping failure. In this case, the output of the show ip dhcp snooping database command constantly shows these lines:

Conditions: Occurs when DHCP and/or DHCP Snooping database agent is configured to store bindings on a TFTP server, and then the database files are not present or are read-only for some time on TFTP server while the router tries to write to them.

Workaround: Before the issue occurs, there are three known alternatives to avoid this problem:

1. Either configure "length 0" for line console 0;

2. Or - log in via console at least once since router startup;

3. Or - use Cisco IOS Release 12.2(33)SRD but do not enable "debug tftp packet".

To fix the issue after it has occurred, connect to the router via console, press space bar to get rid of '--More--' prompt, then press enter to log in

•CSCsw24611

Symptoms: A router configured with BGP and VPN import may crash.

Conditions: This is a hard to hit race condition. BGP imports a path from VRF-A to VRF-B. The following steps have to take place in exactly this order for the crash to occur: 1. The next-hop for the path has to become unreachable. 2. BGP has to re-evaluate the bestpath on the net in VRF-A and result in no-bestpath on the net (because there is no alternative path available). 3. RIB installation has to process the importing BGP net under VRF-B.

Step 3 will result in the crash. If, before step 3, the next-hop re-evaluation manages to process the net in VRF-B then it will clear the bestpath and there will be no crash. If, before step 3, the import code gets a chance to process the net it will clean-up the imported path from VRF-B and then there will be no crash.

Workaround: There is no workaround.

•CSCsw24826

Symptoms: Cisco router may crash pointing to OSPF code because of low memory access.

Conditions: Crash is specific to the following scenario:

1. Neighbor router performs IETF NSF restart.

2. Software interface between routers is removed from configuration when NSF restart is undergoing, when grace LSA is present in the database of the helper router.

3. Helper router will crash 1 hour later during max-age procedure for grace LSA. Reason is that grace LSA is associated with interface, but that interface does not exist any more.

Workaround: If configuration changes need to be done during network changes, the following applies:

1) Shutdown OSPF interface

2) Check show ip ospf da. Can you see type-9?

- NO => good, remove interface

- YES => 'no shutdown' interface, wait for neighbor going FULL (type-9 will be flushed during sync)

3) Repeat Step 1.

•CSCsw35155

Symptoms: When using denies in ACLs in crypto maps, the VPN SPA or VPN SM crashes.

Conditions: Occurs when configuration uses denies in ACLs with crypto maps that causes too many entries in the Ternary Content Addressable Memory (TCAM).

Workaround: Enter the crypto ipsec ipv4 deny clear command.

•CSCsw36872

Symptoms: VPN-NUM in VLAN-RAM TCAM wrongly provisioned after reconfiguration of Layer 3 port-channel. This changes member link mapping, and VRF membership changes on Layer 3 port-channel. Also discrepancy in L3MGR info between RP and SP for affected port-channel/internal vlan representation observed.

Conditions: When the command channel-group <number> mode active is configured on the member link before the respective Port-channel is configured, this causes the member link interface to go admin down. When the port-channel is configured, the port-channel first comes up and then the member link. This may cause the port-channel to take up the same VLAN which was previously assigned to the member link. If this happens, the symptom is seen.

Workaround: One workaround is to configure the port-channel first and then activate the channel-group on the member link interface. Another workaround is to create a dummy interface so that it takes up the member link's previous VLAN and the port-channel will be assigned a new one, in which case this problem is not seen.

•CSCsw37053

Symptoms: Traffic with aggregate label was forwarded in wrong VPN, causing the mis-forwarding, as the IP prefix was not present in the VPN routing/forwarding (VRF) table.

Conditions: Occurs under the following scenario:

1. Aggregate label should not be using the VPN CAM.

2. The recirculation VLAN has the wrong VPN number.

Workaround: Manually correct the wrong mls vlan-ram entry.

Further Problem Description: If there are multiple aggregate labels on a given VRF, there might be a chance of seeing this issue.

•CSCsw43211

Symptoms: Following errors are seen:

Conditions: This has been seen on a Cisco 7200 after upgrading to Cisco IOS Release 12.2(33)SRC2.

Workaround: There is no workaround.

•CSCsw63003

Symptoms: Memory leak occurs in "BGP Router" process. Memory used by this process increase every day while the number of routes is not increasing.

Conditions: This occurs on a provider edge (PE) router running Cisco IOS Release 12.2(31)SB or 12.2(33)SB. Problem is seen when VPN routing/forwarding (VRF) is showing important BGP activity.

Workaround: Reload the router to avoid reaching low memory conditions.

•CSCsw71208

Symptoms: Cisco 7600 does not respond properly to Link Control Protocol (LCP) echo requests, causing PPP sessions to renegotiate between the router and non-Cisco devices.

Conditions: Occurs on a Cisco 7600 running Cisco IOS Release 12.2(33)SRC2.

Workaround: Disable keep-alives on the non-Cisco device.

•CSCsw82462

Symptoms: A connected prefix from the global routing table has a VPN routing/forwarding (VRF) interface as outgoing interface.

Conditions: This condition occurs after a clear ip route x.x.x.x for the prefix x.x.x.x.

Workaround: Shut the VRF interface, clear the prefix from the routing table, then no shut the VRF interface.

•CSCsw88324

Symptoms: The ESM20G, 7600-ES20-GE3CXL, indicates Major error on show module.

Conditions: No special configuration conditions are needed to reproduce. The online diagnostics status indicates "Major Error". The major error can be observed following a forced switchover using the redundancy force-switchover command.

Workaround: No workaround known. Only reloading the router may cause the ESM20G to recover and pass online diagnostics.

•CSCsw89563

Symptoms: When there are repeated link flaps on load-balanced paths for TAG to IP or TAG to TAG load balancing, memory leaks may occur.

Conditions: Occurs when link flaps in PE-CE or P-P or P-PE routers. The leak is proportional to the number of labels in the router.

Workaround: There is no workaround.

•CSCsw89720

Symptoms: When we perform SNMP query (getmany) on cbQosPoliceStatsTable and cbQosREDClassStatsTable, CPU utilization reaches 99 % with a single SSH session. If we query cbQosPoliceStatsTable and cbQosREDClassStatsTable from 18 SSH sessions, CPU-HOG error message are seen

Conditions: Occurs with a large number of policies defined on a GigE subinterface (~4k).

Workaround: No workaround, other than stopping the query.

•CSCsw93867

Symptoms: The following messages appear in the log after a reload:

Conditions: A Cisco 7600 running Cisco IOS Release 12.2(33)SRB2 and 12.2(33)SRB3 with Multilink interface configured for CBWFQ QOS policy will suspend policy and display error message similar to the above if service-policy is applied to Multilink interface at time of route loading.

Workaround: Load router with no service-policies applied and apply them after router is up.

•CSCsw98371

Symptoms: When creating SPAN monitor sessions via SNMP Set (using Network Analysis Module GUI), the user can trigger a high CPU on the supervisor. This then stops the switch from passing traffic and from being accessible.

Conditions: Occurs under the following scenario:

1. Cisco 7600 running Sup720 and 12.2(33)SRB or SRC. The 7600 must have a service module (e.g. MWAM module or FWM) that take up a default SPAN reflector monitor session when powered on.

2. Set up another monitor session. The sup supports no more than two monitor sessions.

7600#show mon sess all

Session 1 --------- Type : Service Module Session Modules allowed : 1-9 Modules active : 3 BPDUs allowed : Yes

Session 2 --------- Type : Local Session Source Ports : Both : Gi9/47 Destination Ports : Gi9/48

3. When the user attempts to create a new monitor session with the same session number as the "Service Module Session" via SNMP, the creation fails, but breaks the logic to prevent any more SPAN sessions from being created.

4. Hence attempting to create a third monitor session is then allowed, and the High CPU is triggered.

Workaround: 1. Check from the command line if there is a monitor session used by the Service Module using the show monitor session all command.

2. If there is, do not attempt to create a new monitor session using the same session number.

OR

3. Create all monitor sessions on the supervisor from the CLI only.

Note: If the Service Module Session is not required, it can be removed with the no monitor session servicemodule command.

•CSCsw99846

Symptoms: With mLDP over a P2P tunnel, traffic drops in multiple cases.

Conditions: The traffic drops when there is a change in path set entries, which can happen when you perform a shut and no shut the TE tunnel or toggle MPLS traffic-tunnel or use the clear mpls traffic-eng auto-tunnel command.

Workaround: There is no workaround.

•CSCsx06457

Symptoms: A router configured with BGP may generate IPRT-3-NDB_STATE_ERROR log messages. An additional symptom when

Results From Crack.ms; Winhex 13.0 (serial) Winhex V11.6 Sr-13: Download Search Tips. Your search for Winhex 13.5 may return better results if you avoid searching for words like: crack, serial, keygen, activation, code, hack, cracked, etc.

Product Description

WinHex is a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security. An advanced tool for everyday and emergency use: inspect and edit all kinds of files, recover deleted files or lost data from hard drives with corrupt file systems or from digital camera cards.

Some features include: Disk editor for hard disks, floppy disks, CD-ROM, DVD, ZIP, Smart Media, and Compact Flash; Native support for FAT, NTFS, Ext2/3, ReiserFS, CDFS, UDF; Built-in interpretation of RAID systems and dynamic disks; RAM editor, providing access to physical RAM and other processes' virtual memory; Data interpreter, knowing 20 data types; Editing data structures using templates (repair partition table/boot sector); Concatenating and splitting files, unifying and dividing odd and even bytes or words; Analyzing and comparing files.

Screenshots

Download WinHex Serial Key Free

Winhex 19.9 Keygen

Registered professional users include:
Microsoft Corp., Hewlett Packard, Deloitte & Touche, KPMG Forensic, Ernst & Young,
Toshiba Europe, Ericsson, National Semiconductor, Siemens AG, Lockheed Martin, BAE Systems,
U.S. federal law enforcement agencies, ... (more)

What's? Please check out the newsletter archiveor support forum.

User interface and program help fully available in English and German.
User interface also partially available in Chinese, Japanese, French, Spanish, Italian, Portuguese.

Installation tips

Old screenshot

*Limitations under Windows Vista/2008 Server/7: Physical RAM cannot be opened. Unable to write sectors on the partitions that contain Windows and WinHex.

Earlier versions may be made available to licensed users on request.