January 24, 2000
Products Affected
|
Product |
Description |
|---|---|
|
RSP7000 |
Cisco 7000 Series Route Switch Processor (RSP) |
|
RSP2 |
Cisco 7500 Series Route Switch Processor (RSP) |
|
RSP4 |
Cisco 7500 Series Route Switch Processor (RSP) |
|
RSP8 |
Cisco 7500 Series Route Switch Processor (RSP) |
|
RSM |
Catalyst 5000 Family Route Switch Module (RSM) |
Problem Description
On all RSP and RSM processors, when an interface in the router is configured with an IPSec crypto map and the switching mode is Cisco Express Forwarding (CEF), the RSP and RSM will restart when it attempts to decrypt IPSec packets.
This defect is tracked with CSCdp58142.
Background
CSCdp58142 exists due to CSCdm60335 and CSCdp21248.
CSCdm60335 affected Cisco IOS 12.0T and 12.0(5)XE trains.
CSCdp21248 affected Cisco IOS 12.0, 12.0T, 12.0XE, and 12.0S trains.
Problem Symptoms
The problem manifests as a system restart when IPSec and CEF switching is running on RSP and RSM processors that are running software that has not implemented the fix for the software defect CSCdp58142.
Workaround/Solution
The short-term workaround for systems running affected Cisco IOS images is to turn the CEF switching option off on all interfaces that have crypto map entries applied to them.
The Cisco IOS interface configuration command to turn CEF off is presented below:
router(config-if)# no ip route-cache cef
Note:?More detailed information on the no ip route-cache cef command can be found in the Cisco documentation.
Warning:?Disabling the CEF functionality may substantially reduce the throughput performance of an interface.
The long-term solution requires that customers upgrade their Cisco IOS image. The table below provides the needed Cisco IOS upgrade path.
Solution for CSCdp58142
|
Cisco IOS |
Cisco IOS Maintenance |
Cisco IOS Image |
Cisco IOS Availability |
|---|---|---|---|
|
12.0 |
12.0(9) |
rsp-*56i-mz, c5rsm-*56i-mz |
CCO - January 31, 2000 |
|
12.0XE |
12.0(7)XE1 |
rsp-*56i-mz, rsp-*k2*-mz |
CCO - January 31, 2000 |
|
12.1 |
12.1(1) |
rsp-*56i-mz, rsp-*k2*-mz, c5rsm-*56i-mz, c5rsm-*k2*-mz |
CCO - Anticipated availability |
|
12.1T |
12.1(1)T |
rsp-*56i-mz, rsp-*k2*-mz, c5rsm-*56i-mz, c5rsm-*k2*-mz |
CCO - Anticipated availability March/April 2000 |
|
12.1E |
12.1(1)E |
rsp-*56i-mz, rsp-*k2*-mz, c5rsm-*56i-mz, c5rsm-*k2*-mz |
CCO - Anticipated availability March/April 2000 |
DDTS
To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.
|
DDTS |
Description |
|---|---|
|
EWAN:IPSec:7500 peer-peer ping caused routers crash |
|
| ? | ? |
Cisco IOS Versions Affected
The following Cisco IOS images are affected by CSCdp58142.
Note:?The k2 feature set Cisco IOS images are TripleDES Cryptographic, Secured, and are Export Controlled.
CSCdp58142 Affected Cisco IOS Images
|
Cisco IOS |
Cisco IOS Maintenance |
Cisco IOS Images |
|---|---|---|
|
12.0 |
12.0(8) |
all rsp-*56i-mz, c5rsm-*56i-mz |
|
12.1T |
12.1(1)T |
all rsp-*56i-mz or rsp-*k2-mz images c5rsm-*56i-mz or c5rsm-*k2-mz images |
|
12.0XE |
12.0(5)XE through 12.0(5)XE7T |
all rsp-*56i-mz or rsp-*k2-mz images |
|
12.0S |
12.0(7)S through 12.0(8)S |
all rsp-*56i-mz or rsp-*k2-mz images |
How To Upgrade Software
Maintenance Solution
To obtain the next maintenance release, see the instructions below:
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: