Caveats for Cisco IOS Release 12.2(33)SRAthrough 12.2(33)SRA7Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the mostserious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and onlyselect severity 3 caveats are included in this section.Because Cisco IOS Release 12.2SR is based on Cisco IOS Release 12.2, many caveats that apply toCisco IOS Release 12.2 also apply to Cisco IOS Release 12.2SR. For information on severity 1 and 2caveats in Cisco IOS Release 12.2, see the Caveats for Cisco IOS Release 12.2 document located this section, the following information is provided for each caveat:Note Symptoms—A description of what is observed when the caveat occurs. Conditions—The conditions under which the caveat has been known to occur. Workaround—Solutions, if available, to counteract the caveat.If you have an account on, you can also use the Bug Toolkit to find select caveats of anyseverity. To reach the Bug Toolkit, log in to and click Support: Tools & Resources: BugToolkit (which is listed under Troubleshooting). Another option is to go nch (If the defect that you haverequested cannot be displayed, this may be due to one or more of the following reasons: the defectnumber does not exist, the defect does not have a customer-visible description yet, or the defect has beenmarked Cisco Confidential.) Resolved Caveats—Cisco IOS Release 12.2(33)SRA7, page 1384 Resolved Caveats—Cisco IOS Release 12.2(33)SRA6, page 1392 Resolved Caveats—Cisco IOS Release 12.2(33)SRA5, page 1402 Resolved Caveats—Cisco IOS Release 12.2(33)SRA4, page 1413 Resolved Caveats—Cisco IOS Release 12.2(33)SRA3, page 1443 Resolved Caveats—Cisco IOS Release 12.2(33)SRA2, page 1454 Resolved Caveats—Cisco IOS Release 12.2(33)SRA1, page 1464Americas Headquarters:Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA 2006–-2012 Cisco Systems, Inc. All rights reserved.

Open Caveats—Cisco IOS Release 12.2(33)SRA, page 1471 Resolved Caveats—Cisco IOS Release 12.2(33)SRA, page 1476Resolved Caveats—Cisco IOS Release 12.2(33)SRA7Cisco IOS Release 12.2(33)SRA7 is a rebuild release for Cisco IOS Release 12.2(33)SRA. The caveatsin this section are resolved in Cisco IOS Release 12.2(33)SRA7 but may be open in previous Cisco IOSreleases.Miscellaneous CSCeb69473Symptoms: Device crashes with a segmentation violation (SegV) exception.Conditions: Occurs when the connect target ip [login 513] /terminal- type value command isentered with a large input parameter to the terminal-type argument such as the following:router connect login /terminal-type aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaTrying*** System received a SegV exception ***signal 0xb, code 0x1100, context 0x82f9e688PC 0x61616160, Vector 0x1100, SP 0x833ae5a8Workaround: AAA Authorization AAA authorization enables you to limit the services available toa user. When AAA authorization is enabled, the network access server uses information retrievedfrom the user’s profile, which is located either in the local user database or on the security server, toconfigure the user’s session. Once this is done, the user will be granted access to a requested serviceonly if the information in the user profile allows it.For a complete description of authorization commands, refer to the following links:ACS 4.1 Command Authorization Sets mgmt/cisco secure access control server for windows/4.1/user/SPC.htmlACS 4.1 Configuring a Shell Command Authorization Set for a User Group mgmt/cisco secure access control server for windows/4.1/user/GrpMgt.htmlRole-Based CLI Access The Role-Based CLI Access feature allows the network administrator todefine “views,” which are a set of operational commands and configuration capabilities that provideselective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Viewsrestrict user access to Cisco IOS command-line interface (CLI) and configuration information; thatis, a view can define what commands are accepted and what configuration information is visible.Thus, network administrators can exercise better control over access to Cisco networking devices.The following link provides more information about the Role-Based CLI Access feature:Role-Based CLI Access 3t/12 3t7/feature/guide/gtclivws.htmlCaveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA71384OL-10394-05 Rev. R0

Device Access Control Due to the nature of this vulnerability, networking best practices such asaccess control lists (ACLs) and Control Plane Policing (CoPP) that restrict vulnerable device accessto certain IP addresses or Subnetworks may not be effective. Device access best practices providesome mitigation for these issues by allowing systemic control of authenticated and unauthenticatedusers. Device access best practices are documented in:Infrastructure Protection on Cisco IOS Software-Based Platforms Appendix B-Controlling teral/iosswrel/ps8802/ps6970/ps1838/prod white paper0900aecd804ac831.pdfImproving Security on Cisco Routers CSCee89849Symptoms: A router may reload due to an illegal access at a low address.Conditions: This symptom is observed on a Cisco router when AAA is enabled.Workaround: There is no workaround. CSCeg25475Symptoms: Filtering BGP routes by means of the distribute-list prefix MARTIAN in commandapplied to address-family IPv4, actually filters out M-BGP routes in address-family vpnv4.Conditions: This symptom occurs when MPLS-VPNs are configured.Workaround: Use route-maps to filter routes inbound.Further Problem Description: It can be checked by means of the show ip bgp neighbors commandthat the prefixes are actually being filtered out from updates for address-family VPNv4, and not forIPv4, as it is configured. CSCek54959Symptoms: During switchover following error message appears:%MFI-3-REDISTMGR: Redistribution Manager: register - null LSD 16.Conditions: There is no specific condition. A switchover is done with MPLS application enabled.Workaround: There is no workaround. CSCek78675Symptoms: SIP200 may crash multiple times on executing the QoS test cases.Conditions: This symptom occurs while configuring/unconfiguring different QoS features andrunning traffic for a while.Workaround: There is no workaround. CSCin99430Symptoms: Running the snmpwalk command on ifInOctets and some other ifMIB objects is notreturning values for all the interfaces. The snmpget command is working fine.Conditions: This symptom occurs when the hidden command no snmp- server sparse-table isconfigured.Workaround: Configure hidden command snmp-server sparse- table. CSCsd47475Symptoms: A Cisco Catalyst 6000 series switch or Cisco 7600 series router may not be able toresolve ARP requests.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA7OL-10394-05 Rev. R01385

Conditions: This symptom is observed on a Cisco Catalyst 6000 series switch and Cisco 7600 seriesrouter that are configured with an enhanced FlexWAN module (WS-X6582-2PA) in which a100BASE-TX port adapter (PA-FE-TX) and an IPSec VPN Acceleration Services Module(WS-SVC-IPSEC-1) are installed.Workaround: Configure a static ARP entry. CSCse44079Symptoms: The CPU usage may reach 100 percent in the IGMP Input process when a ULD interfaceis down.When the downstream UDL interface (on downstream router) down, any (downstreamrouter) local received IGMP report/leave will be sent to router itself 255 times and cause the highCPU.Conditions: This symptom is observed on a Cisco router that has a UDL interface that is connectedto a satellite link after you have upgraded the Cisco IOS software image from Release 12.4(5a) toRelease 12.4(7a). However, the symptom is not release-specific.Workaround: There is no workaround.Further Problem Description: When the UDL link goes down, the downstream router starts to floodIGMP reports to himself, and in the Cisco IOS Releases 12.4(7a), 12.4(8), 12.3(19) theCisco IOS isreally processing this packets, which has a big impact on the CPU utilization. CSCsg39295Symptoms: Password information may be displayed in a Syslog message as follows:%SYS-5-CONFIG I: Configured from scp://userid:[email protected]/config.txt byconsoleConditions: When using SNMP to modify a configuration by means of theCISCO-CONFIG-COPY-MIB, selection of ConfigCopyProtocol of SCP or FTP may result in thepassword being exposed in a syslog message.Workaround: When using SNMP to modify a configuration by means of theCISCO-CONFIG-COPY-MIB, use the ConfigCopyProtocol of RCP to avoid exposure of thepassword. CSCsg40573Symptoms: A Cisco 7600 series may enter a state in which the FIB is frozen, and the syslog mayshow information similar to the following:%MLSCEF-SP-2-SANITY FAIL: Sanity Check of MLS FIB s/w structures failed%MLSCEF-SP-2-FREEZE: hardware switching disabled on cardIn this frozen state the data plane is not affected, but new forwarding information does not take effecton the hardware, causing an inconsistency between MPLS or IP software forwarding and thehardware.Conditions: This symptom is observed when the TCAM information for a label or prefix and maskdoes not match the software version, which prevents the TCAM driver from deleting the label orprefix and mask. For example, the symptom may occur when a label is moved from one type (forexample, form an aggregate label) to another other type (for example, to a non-aggregate label).Workaround: There is no workaround to prevent the symptom from occurring. When the symptomhas occurred, reload the router.Further Problem Description: You can check the status of the FIB by entering the show mls cefhardware i TCAM command. When the symptom has occurred, the output of this command showsthe following:CEF TCAM v3: (FROZEN)Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA71386OL-10394-05 Rev. R0

CSCsi26184Symptoms: A router may crash and generate the following error messages:%SYS-2-CHUNKBOUNDSIB: Error noticed in the sibling of the chunk pak subblock-Process "LFDp Input Proc"%SYS-2-CHUNKBADMAGIC: Bad magic number in chunk header, chunk-Process "LFDp Input Proc"%Software-forced reloadConditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(31)SB2and that is configured for MPLS. Note that the symptom is not release-specific.Workaround: There is no workaround. Note that the symptom does not occur inCisco IOSRelease 12.2(28)SB5. CSCsj73669Symptoms: Link flaps may intermittently occur on TenGigabit Ethernet interfaces with certainXenpak transceivers.Conditions: This problem only occurs on 10GBASE-SR. As DOM is not supported for this Xenpaktype by Cisco IOS, the interaction between the Xenpak DOM hardware and the Cisco IOS DOMpolling mechanism may cause the link to flap.Workaround: There is no workaround. CSCsj83102Symptoms: RP may crash with a bus error while trying to configure card type on a PA in a Flexwanwhile that PA/Flexwan is experiencing communication problems with the SUP.Conditions: This is a rare issue which is only seen under certain circumstances when a configurationis attempted on a card which is itself experiencing communication problems with the rest of thechassis/reloading, crashing, and other problems.Workaround: Avoid issuing the card type command while the PA/Flexwan is experiencingproblems. If the card in question is experiencing hardware issues, the problem may also be avoidedby replacing the card. CSCsj85065A Cisco IOS device may crash while processing an SSL packet. This can happen during thetermination of an SSL-based session. The offending packet is not malformed and is normallyreceived as part of the packet exchange.Cisco has released free software updates that address this vulnerability.Aside from disabling affected services, there are no available workarounds to mitigate an exploit ofthis vulnerability.This advisory is posted at 0924-ssl.shtml. CSCsj88208Symptoms: The digital optical monitoring (DOM) feature may be disabled on Xenpak modules ofthe type SR, LR, ER, LR , and ER . However, when this situation occurs, the Xenpak modules canstill be used to pass traffic.Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 seriesrouter that runs Cisco IOS Release 12.2(33)SXH or Release 12.2(33)SRB.Workaround: There is no workaround.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA7OL-10394-05 Rev. R01387

Further Problem Description: Note that an LR Xenpak module is an LR Xenpak module with a partnumber of “10-1838-04” and that an ER Xenpak module is ER Xenpak module with a part numberof “10-1888-04”. CSCsk06769Symptoms: Shut of any LAN interface can cause the MAC address table to go bad, and all the trafficflowing through that VLAN may stop.Conditions: The show mac-address-table dynamic command shows that all the MAC addresses arelearned on the BCP trunk port which is WAN link.Workaround: 1.Though not valid but shut/no shut of the WAN link can re-establish the MAC address tablecorrectly.2.Use static MAC address entries for all MAC addresses to be learned over WAN interface usingthe mac-address-table static mac- add vlan id interface id command. Make these static entrieson both ends.CSCsk07255Symptoms: A Sip-600 may reload when an SSO switchover is performed.Conditions: The problem is observed in a Cisco 7600 series router with redundant supervisorengines and a SIP-600 line card. The SIP-600 may reload when an SSO switchover is performedbetween the Active and Standby supervisor engines.Workaround: There is no workaround. CSCsk32209Symptoms: Crash is seen in generating RSA keys.Conditions: This symptom happens before applying crypto map command.Workaround: There is no workaround.Further Problem Description: This problem is not seen on SUP730 or SUP32. It is only seen onRSP720. It is due to local variables that are used globally. CSCsk33740Symptoms: Increasing the IPSec anti-replay window size to 1024 by the crypto ipsecsecurity-association replay window-size [1024] command could cause the following errormessages:Aug 17 11:10:33 PDT%SPA-IPSEC-2G-4-ICPUPP13: slot 4/2 Policy check failed forpkt src: dst: proto:17 SA index:0x9307and/orJul 28 23:53:16.276%SPA-IPSEC-2G-4-ICPUPP9: slot 9/2 Packet src: seq num:0x6cc failed replay check last seq num:0x803ffffffor SA:0xc6a4.Workaround: Remove crypto ipsec security-association replay window- size [1024]. CSCsk41134Symptoms: Several problems can be observed when using VPNs on routers related to the parsing ofthe ID payload of the client. Possible symptoms include:– the RSA signature negotiation fails with a “signature invalid” message.– the certificate based authentication with ISAKMP profiles will not select the correct profile, andthe connection will use the default settings.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA71388OL-10394-05 Rev. R0

In all these cases the ISAKMP negotiations do not work.Conditions: This symptom occurs when using certificate based authentication with ISAKMPprofiles.Workaround: There is no workaround.Further Problem Description: After enabling ISAKMP debugging you will see in the first case:ISAKMP:(68001): processing SIG payload. message ID 0ISAKMP:(68001): signature invalid!or possiblyISAKMP (0:13005): FSM action returned error: 2In the second case you will either see:ISAKMP:(68001): processing ID payload. message ID 0ISAKMP (68001): ID payloadnext-payload : 6type: 9Dist. name parsing failedprotocol: 17port: 500length: 185ISAKMP:(68001):: UNITY's identity FQDN but no group infoISAKMP:(68001):: peer matches *none* of the profilesOr00:03:18: ISAKMP (0:268435457): ID payloadnext-payload : 6type: 9Dist. name:protocol: 17portlength: 500: 73(Notice the empty "Dist. name" field) CSCsk47954Symptoms: The show running-config command takes 30 seconds to display the configurations.Conditions: The “module provision 1 first-insert” configuration was present when this issue wasseen. This problem is seen in VTY line, whereas the show running-config command executed fromthe CONSOLE line displays the configurations without any delay. This symptom is seen in raresituations.Workaround: If the show running-config command output needs to be displayed without 30seconds delay, the CONSOLE line can be used to run this command. CSCsk60769Symptoms: K1K2 values are not reflected correctly when the Tx cable on the protect channel onCisco 7600 POS interface is pulled out or when there is any LRDI alarm.Conditions: This symptom is observed on a Cisco 7600 series router that is running Cisco IOSRelease 12.2(33)SRB.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA7OL-10394-05 Rev. R01389

Workaround: There is no workaround. CSCsk61790Symptoms: Syslog displays password when copying the configuration via FTP.Conditions: This symptom occurs when copying via FTP. The Syslog message displays thepassword given by the user as part of syntax of FTP copy.Workaround: There is no workaround. CSCsk63233Symptoms: When SPA on one slot is shut, the other one takes over. If the Cheronia is reset after this,the router crashes.Conditions: This symptom is seen under the following conditions:1.Two zambonis with redundancy are configured.2.The Active SPA should be shut down.3.Reset on Cheronia after the standby takes over.Workaround: There is no workaround.Further Problem Description: Have two zambonis with redundancy configured between them. Thereare 500 vti tunnels, 500 IVRF and 1 FVRF configured. On shutting down the SPA in 1/1 slot, 1/0takes over, and then on resetting the Cheronia, the router crashes.The crash can be seen with just 1 tunnel, 1 IVRF and a FVRF.Steps to reproduce: 1.Configure the router with the attached configurations2.Shut down the spa in slot 1/1.3.Once the spa in slot 1/0 takes over, reset the Cheronia in slot 1. 4. The router Crashes.CSCsk67457Symptoms: Traffic stops flowing on an interface that is configured for Bridge Control Protocol(BCP) over Multilink PPP (MLP).Conditions: This symptom is observed on a cisco 7600 series when one of the member links of theMLP interface is shut down.Workaround: Bring up the member link that is shut down.Alternate Workaround: Reset the MLP bundle interface. CSCsk78390Symptoms: A crash is seen when we do FPD upgrade paralleL.Conditions: This symptom is observed when there is a parallel FPD upgrade.Workaround: Do a single FPD upgrade at a time. CSCsk86114Symptoms: Sometimes, a 7600-SIP-200/7600-SIP-400 on a Cisco 7600 series router reportsmemory corruption and restarts.Conditions: This happens when LFI is enabled on multiple ATM VCs of an ATM interface on anATM-SPA hosted by 7600-SIP-200/7600-SIP-400.Workaround: There is no workaround.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA71390OL-10394-05 Rev. R0

CSCsk86642Symptoms: SPA-2xOC3-POS is not seeing the correct K1/K2 bytes on working group 1 APS, whenswitching from Protect to Working port.Conditions: This was observed in a lab environment with a Cisco 7604 router back to back with aCisco 7206 router. Code tested Cisco IOS Release SRA1 and Cisco IOS Release SRA2.Workaround: 1.Hw-slot reset on the Sip400-SPA corrects the problem.2.A shut/no shut on the protect interface corrects the problem.CSCsl24391Symptoms: A Cisco 7600/SUP-720/WS-6582-2PA/PA-A6-OC3 that is running Cisco IOSRelease 12.2(33)SRA2 configured for ATM local switching may experience a condition where theLocal Switching cross connect fails to pass traffic. This will be accompanied by show atm pvcreporting:Remote Circuit Status F1 Alarm, Alarm Type LOSConditions: This symptom occurs when ATM local switching is configured. This issue occurs whenboth SONET ATM interfaces enter a S-LOS state at or near the same time, which may result intraffic loss.Workaround: Removing and re-adding the connect command alleviates the condition. CSCsl41230Symptoms: VPN SPA, with crypto map interesting traffic based on TCP ports, is broken.ip access-list extended b2b-pokuspermit tcp host eq telnet tcp host eq telnet tcp host eq telnetpermit tcp host eq telnetpermit tcp host eq telnetConditions: This symptom is observed on s72033-advipservicesk9 wan-mz.122- 33.SXH.bin.Workaround: The problem is not seen with s72033-advipservicesk9 wan-mz.122- 18.SXF7.bin.Further Problem Description: This also fails for deny statements based on TCP ports in the cryptoACL. The SPA will encrypt this traffic that should be denied. CSCsl54243Symptoms: A SIP-400 will crash on a Cisco 7600 series router after inserting an SPA then removinga VLAN subinterface.Conditions: This symptom is observed on a Cisco 7600 series router with a SIP- 400 line cardrunning Cisco IOS Release 12.2(33)SRA5. VLAN subinterfaces that exist prior to inserting an SPAwill cause the SIP to crash if they are unconfigured after inserting another SPA.The specific steps that cause the SIP-400 to crash are:1.Configure a VLAN subinterface on an SPA. 7600(config)#int gi 2/0/0.1007600(config-subif)#encap dot1q 1002.Physically insert another SPA into the SIP-400.3.Unconfigure the subinterface and observe the SIP-400 crash. 7600(config)#no int gi 2/0/0.100Workaround: There is no workaround.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA7OL-10394-05 Rev. R01391

CSCsm12247Symptoms: A Cisco IOS router configured for WCCP may stop redirecting traffic following achange in topology.Conditions: The router must be configured for WCCP redirection using the hash assignment method.When there is only a single appliance in the service group, the loss of hash assignment details ispermanent. However with multiple appliances in the group, the loss of assignment information istransitory; the router soon recovers.Workaround: To recover the assignment details, the WCCP configuration needs to be removed andre-added to the router. Use the no ip wccp service command followed by ip wccp service argscommand.Resolved Caveats—Cisco IOS Release 12.2(33)SRA6Cisco IOS Release 12.2(33)SRA6 is a rebuild release for Cisco IOS Release 12.2(33)SRA. The caveatsin this section are resolved in Cisco IOS Release 12.2(33)SRA6 but may be open in previous Cisco IOSreleases.Interfaces and Bridging CSCek65222Symptoms: A non-parseable Ethernet configuration is nvgened for a VLAN.Conditions: This symptom is observed when you enter the encap dot1q 1 native command, and thecommand is rejected. When you enter the encap dot1q 1 command, the command is accepted.However, in this situation, the output of the show running-config command shows that the encapdot1q 1 native command is present, which would have been rejected.Workaround: There is no workaround.IP Routing Protocols CSCse99493Symptoms: A router that is configured for NAT Overload may crash while performing dynamictranslation from many ports to one port.Conditions: This symptom is observed after more than 5000 translations have been performed.Workaround: There is no workaround. CSCsg55591Symptoms: When there are link flaps in the network, various PE routers receive the following errormessage:%BGP-3-INVALID MPLS: Invalid MPLS label (1) received in update for prefix155:14344: from, a local label is not programmed into the forwarding table for a sourced BGP VPNv4 network.Conditions: These symptoms are observed when an iBGP path for a VPNv4 BGP network is present,and then a sourced path for the same route distinguisher (RD) and prefix is brought up.Workaround: Remove the iBGP path. Note that when the sourced path comes up first, the symptomsdo not occur.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA71392OL-10394-05 Rev. R0

Alternate Workaround: Use different RDs with the different PE routers. When the RD and prefix donot match exactly between the iBGP path and the sourced path, the symptoms do not occur. CSCsg97662Symptoms: When you enter the no ip nat service skinny tcp port 2000 command, NAT is notdisabled on port 2000. This situation causes NAT to be applied to SCCP packets, and causes the CPUusage to be very high.Conditions: This symptom is observed when an application is running on the port 2000.Workaround: There is no workaround.Further Problem Description: SCCP and NAT for voice are not supported in Cisco IOS Release 12.2or a release that is based on Release 12.2. The no ip nat service skinny tcp port 2000 command isnot supported in these releases.ISO CLNS CSCsj72039Symptoms: The prefix of a serial interface that is configured for PPP or HDLC and that functionsas a passive interface for IS-IS may not be installed in the local IS-IS database.Conditions: This symptom is observed on a Cisco router that runs Cisco IOS Release 12.2(18)SXF6but is not release-specific.Workaround: Remove and reconfigure the passive-interface command.First Alternate Workaround: Enter the clear isis * command.Second Alternate Workaround: Enter any command that triggers the generation of the local IS-ISdatabase.Miscellaneous CSCdz55178Symptoms: A router that is configured for QoS may reload unexpectedly or other serious symptomssuch as memory corruption may occur.Conditions: This symptom is observed on a Cisco router that has a cable QoS profile with a namethat has a length that is greater than 32 characters as in the following example:cable qos profile 12 name [email protected] for any softswitch Traa C00000000011111111111222222222333 12345678901234567890123456789012 PROBLEM(Variable Overflowed).Workaround: Change the name of the cable QoS profile qos profile to a length that is less than 32characters. CSCeb35205Symptoms: A Cisco router may reload when a subdirectory is created on an Advanced TechnologyAttachment (ATA) Flash disk.Conditions: This symptom is observed when the ATA Flash disk space that is allocated to thesubdirectory contains data from previously deleted files.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA7OL-10394-05 Rev. R01393

When a subdirectory is created or extended, it is given space on the ATA Flash disk. If this spacecontains zeros, the symptom does not occur. However, if the space was previously used, the spacedoes contain data bytes from the previous file, and these data bytes may confuse the file system. Thissituation may cause the router to reload.Workaround: Do not create subdirectories on the ATA Flash disk. CSCek66590Symptoms: A router may crash when you enter the show hw-module subslot slot/subslot command.Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 seriesrouter that are configured with a SPA services carrier (7600-SSC-400).Workaround: There is no workaround. CSCek68108Symptoms: A “INTSCHED: suspend” error message may be generated on a router that is configuredwith a SPA-IPSEC-2G, and the router may crash.Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch an Cisco 7600 seriesrouter after you have removed the crypto map in crypto-connect mode.Workaround: There is no workaround. CSCsa96972Symptoms: A Dbus header error interrupt may occur during a recovery procedure on a DFC3, andthe following error message is generated:%EARL L3 ASIC-DFC5-3-INTR WARN: EARL L3 ASIC: Non-fatal interrupt PacketParser block interruptConditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 seriesrouter when a recovery procedure occurs because of a transient problem in hardware forwarding.Workaround: There is no workaround. However, the error message indicates a harmless (non-fatal)error and does not have any impact on the traffic and proper functioning of the platform. CSCsb21941Symptoms: A supervisor engine may reset unexpectedly, and the following error messages may begenerated:%PFREDUN-SP-7-KPA WARN: RF KPA messages have not been heard for XXX seconds%OIR-SP-3-PWRCYCLE: Card in module 1, is being power-cycled (RF request)Conditions: This symptom is observed on a Cisco Catalyst 6500 series switch and Cisco 7600 seriesrouter when “super jumbo” frames (greater than 10,000 bytes) are being used.Workaround: There is no workaround. The symptom can be mitigated by ensuring that all NICs onthe domain are configured with a frame size that is smaller than 10,000 bytes. CSCsb74409Symptoms: A router may keep the vty lines busy after finishing a Telnet/Secure Shell (SSH) sessionfrom a client. When all vty lines are busy, no more Telnet/SSH sessions to the router are possible.Conditions: This symptom is observed on a Cisco router that is configured to allow SSH sessions toother devices.Workaround: Clear the SSH sessions that were initiated from the router to other devices. CSCsd70321Symptoms: Traffic stops flowing when you reset a line card and immediately afterwards an SSOswitchover occurs.Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA71394OL-10394-05 Rev. R0

Conditions: This symptom is observed on a Cisco 7600 series.Workaround: Enter the shutdown interface configuration command followed by the no shutdowninterface configuration command on the line card. CSCsd85278Symptoms: A diagnostics test for bus connectivity on a SIP-400 fails.Conditions: This symptom is observed on a Cisco 7600 series that runs Cisco IOSRelease 12.2(33)SRB when the vlan internal allocation policy ascending command is enabled.Workaround: Remove the vlan internal allocation policy ascending command. CSCsf11353Symptoms: A FlexWAN, FlexWAN2, or SIP-200 may crash when you attach or remove servicepolicies to or from vi

1384 Caveats for Cisco IOS Release 12.2(33)SRA through 12.2(33)SRA7 OL-10394-05 Rev. R0 † Open Caveats—Cisco IOS Release 12.2(33)SRA, page 1471 † Resolved Caveats—Cisco IOS Release 12.2(33)SRA, page 1476 Resolved Caveats—Cisco IOS Release 12.2(33)SRA7 Cisco IOS Release 12.2(33)SRA7 is a rebuild rel