Possibly hitting a bug(s) in 12.4(3g) on a 2811

Unanswered Question
Mar 4th, 2008


I am running 12.4(3g) C2800NM-ADVSECURITYK9-M on a 2811.

What I have occurring I can find no explanation for -- all traffic completely halts, and seemingly fairly randomly. When it occurs I cannot access the router nor can I route out any of its interfaces for about 2-3 minutes, then the problem clears. Nothing in the logs, no indicators of heavy broadcast traffic, link down, or excessive NAT sessions.

I've seen lots of bugs for 12.4 code on 2811s, but what I can not find are the release notes for this particular code release which I desperately need since I do not have access to bugtool or any of the service contract based tools.

If you would be so kind, I'd appreciate a link for the release notes for c2800nm-advsecurityk9-mz.124-3g.bin that I can get to without having to have a service contract to read it... and possibly any known bugs/fixes that might be applicable given the information I can provide. Perhaps I can get them to buy into some support if we have a known code issue.

Set up is fairly basic..

- Multilink interface w/ 2 T1s:

Handles a single Static NAT for VOIP with policy routing for bandwidth reservation and IPSEC VPN tunnel traffic only

- DSL interface:

Handles all outbound internet traffic, except the above on Multilink

- 3 Inside interfaces, Fast 0/0 to a switch for LAN, Fa0/1 for wireless users, and Gig 1/0 which ties in a 16 port PoE card where VOIP sits

- Since we NAT out 2 different interfaces, there is also policy routing applied on most of the internal interfaces

Thank you for your help. Appreciated.

Overall Rating: 2.5 (2 ratings)
Richard Burts Tue, 03/04/2008 - 11:08


As far as I can tell this link does not require special privileges to access and it points you to the release notes for 12.4:


or this link for the release notes for new features:


or this link for the caveats:




packetfish Tue, 03/04/2008 - 12:04

Thanks for the links.

However, the issue is most of the info provided only tells me what was fixed in my release. It's not telling what bugs are in 12.4(3g) per se. What I need is a known bug list for 12.3(3g), not what was fixed in it. Although it's nice to see what got fixed a release above mine I am not 100% confident this info is really complete in terms of known bugs in my specific release.

If the only way to do that is have a support contract and access to the bug toolkit then please tell me now before I spend too much time guessing if what I have going on is a bug or not.


Richard Burts Tue, 03/04/2008 - 12:15


The caveats section of the release notes generally lists the known problems in a release. Did you check the caveats link that I posted?

Beyond the caveats the things that I know of that describe known bugs generally require some level of access privilege.



packetfish Tue, 03/04/2008 - 13:30

Yes, I did check caveats -- it lists things FIXED in the release, as such I went to the release following it and looked at its caveats that were fixed so I had some idea of what might be broken.

No bugs listed as *fixed* in my release or the one after it seem like a 100% fit, hence kinda why the bug tool would have been very helpful here.

Cisco really should consider not locking out folks that use their products from accessing the bug tool. To me it follows no logic because service contract or not, Cisco stands to get some excellent feedback from all their users as to possibly serious issues in code and an opportunity to improve and fix their product.

Anyways, thanks for your help.

Richard Burts Tue, 03/04/2008 - 13:40


I wish that I had more to offer. In my experience Cisco does better than some vendors about making information and tools available. I sympathize that you wish that they did even more.



packetfish Thu, 03/06/2008 - 06:56

Thanks for going to bat for me Rick. ;-)

I got a little newer train of code from our reseller, and took the opportunity to make some suggestions to Cisco in terms of support offerings for lower end office type gear -- I think they'd be doing themselves a favor in the small office space to give you at least one year of support and software upgrades for something like a 2811 or smaller...and not for any other reason than they tend to ship buggy code, and no one wants a new router with broken code on it, or to have to spend thousands on a support contract just to fix something like that.

Paolo Bevilacqua Tue, 03/04/2008 - 13:46

Please excuse me if I'm going to be blunt with all the due respect for your business.

You're using a router costing many thousands of dollars for important business I suppose.

It seems reasonable to spend 4 or 5 hundred dollars annually for a support contract that, beside giving access to the full set of tools and software upgrades, also puts at your disposition all the expertise of the cisco tac, and last but not least, an advanced replacement in case of hardware failure.

Paolo Bevilacqua Thu, 03/06/2008 - 07:02

Hi, the low rating above to my polite observations just shows your wrong attitude in this business.

Good luck!

packetfish Thu, 03/06/2008 - 07:10

It's not helpful to say 'what did you expect, pay for support'.... you're telling me what I already know about support, and I am saying this is wrong that Cisco ships broken code on devices and then turns around and intends to charge for it -- especially smaller devices. If you read my response you'll understand why.... Cisco's solutions are always to 'spend more money', or lock me in to lifetime support costs and that's what you're suggesting. I paid for a working device, Cisco shipped one with buggy code.

There is nothing unprofessional about rating your post low...it would have been as high as Rick's if it was useful.

I just don't appreciate 'canned corporate responses'.

Good day sir -- and BTW, I got a newer train from my reseller, no thanks to Cisco, and it did NOT require I spend a couple thousand on support contracts.

Paolo Bevilacqua Thu, 03/06/2008 - 07:34

Hi, you're entitled to your opinions and that's all fine with me. But, just to get a couple of facts straight:

1st, price support contract can be in low hundreds depending on the level chosen. If you are quoted more, probably your reseller has not explored all the options.

2nd, it can sound a canned corporate, but after 15 years of working with cisco gear, it has become my personal option too - to have ciscos w/o at least one support contract, means unprofessional operation and it paves the road to failure and frustration.

Again, nothing locks you to cisco, you can vote with your feet, buy an equivalent of the 2811 from competition, we will be delighted to hear from you in one year, how the product is, and how the support.

packetfish Thu, 03/06/2008 - 18:15

Wow I ruffled some feathers. Wasn't trying to and probably should not have given your post a 1 just because you told me to go buy some support. I never dreamed my post on a bug would lead to all this, but I don't think it's a bad thing.

I merely suggested you not be so restrictive with what one can see on CCO since any users comments pertaining to bugs stand to help improve products, and I was a little ticked about, like I said, the canned response, 'buy support'.

I've worked with Cisco gear as long as you. I agree w/ many of the comments surrounding code. It's a job I would not want myself given the codebase for all the different drivers and boards. But that's why this stuff costs so much, development time! For smaller products, if I paid 10K for it, what's so bad that I expect at least one free code upgrade in the first year and maybe 1-2 TAC incidents?

The assumption my reseller hasn't explored all the options - as harsh as my rating your post a 1. You're assuming I know nothing. I've supported a carriers network with 25K+ Cisco devices in it, bug scrubs, contract renewals, and hardware audits as well as all the engineering duties one typically has. I know a thing or two about how Cisco operates hardware-wise and operationally as a company. NO Cisco is not bad at all at the end of the day. Your website for one is certainly better than Juniper's, but overall their support is just as good or better than yours. I think you missed one minor point, start-ups typically don't burn cash on support contracts if they don't need to. God no one does if they can get away with it, even carriers. Often those choices aren't even in the IT guy's hands but the finance dept.

In ref to #2, buying support for one device and using it for multiple devices you have that are the same is a violation of the licensing agreement for any of Cisco's code -- unless of course that has changed, support costs are per device. I'm even trying to not break the law too here believe it or not.

If one can get equipment running reliably code-wise for what you are doing, and it's architecturally redundant, then no I don't think it's unprofessional and necessarily leads to ruin. If it were the case I'd have failed long ago.

I have 4 3750Gs in a data center that do all the routing and switching for our network of a steadily growing 50+ servers that are about 50K a piece. PIXes at the edge for about 2-3 years now. How? Because the code we're using is stable for what we do, and I built redundancy into the design. Worst case I have one switch fail, but most likely not 2 in the same stack so I can get away with risking it since I have trunks to cover my butt. I don't think I'm unprofessional to save some cash if I can. I can always push for $$ for support if it really is a pain point.

At the end of the day, this was not really about support or how cruddy Cisco is or isn't, it was about finding info on bugs. There's no doubt we'd ideally have support so I can easily do that, but it's about operating as cheaply and reliably as you can in the case of a start-up, and you do that as long as you can get away with it. Least if you want to stay cash positive.

You'll note despite some of my gripes about code and seeing bugtool info, I'm not using some cracker jack gear from TigerDirect or a competitor. I am happy with the gear overall.

I'm afraid the only real gripe I had was no ability to look at bugs for a single 2811, nonetheless did I want to have to pay a couple hundred bucks for a train of the same code w/out several sev1 security bugs in it.

I really enjoyed the fact that I got so many engaged on the topic of support. I'd like to see Cisco talk more openly to their users about it.

I'm vendor agnostic as are most. You use what's most reliable and cost effective, then if it isn't a Cisco product Cisco usually buys them if it's decent. *chuckle*

Thank you. Everyone have a pleasant weekend...hopefully free of paging or cell calls that last into the wee hours.

packetfish Thu, 03/06/2008 - 07:02

It also seems reasonable to me if I spend 10K on a router, that the code shipping on it isn't full of bugs that require an upgrade that I can only get if I have a support contract costing a couple thousand.

Also this isn't a GSR, it's a dinky office router.

It's like buying a car with an engine that has no crankshaft...then telling the buyer...that's extra if you actually want to start and be able to drive it

Cisco tends to write bad code IMHO so they can lock their customers into lifetime service contracts.

If I didn't have buggy code that shipped on my device I wouldn't be here.

marikakis Thu, 03/06/2008 - 07:32


With the risk of also being rated with a 1.0 (I am afraid the 0.0 is not possible), I must say that most programmers try to write the best code they can. A business or person that intentionally writes bad code would not survive a single day. The thing is simple: Writing software, especially low level code for embedded systems is hard (requires time, knowledge, focus, attention to detail, experience). On the other hand, mistakes are easy to be made and that's why you need a contract. Have you ever tried to write such code?

Cars have been here for more than a century, with no features being added every other day. Even though cars are here for so many years, there has been a car manufacturing company (not very long time ago) that had the airbags manufactured in such a way that you could easily get decapitated. Thank God in most cases networking is not so critical (although it can be in some applications). In any case, networking is getting better and better and Cisco is big contributor. I am not to say that there are no things with Cisco (or with the tough ways that business is done in general by any company) that I don't like. In most cases however with Cisco I see impressive products, nice people, great documentation and knowledge sharing. Keep walking...

Kind Regards,


Paolo Bevilacqua Thu, 03/06/2008 - 07:44

Maria, your opinion is reasonable and appreciated. But I think that nobody here implies that cisco's programmers do not strive for the best.

I also happen to think that cisco's SW quality is often lacking. I've been a dev testing engineer at cisco, and I can tell you, that better it could be done.

Then that doesn't change a bit my overall opinion: they have impressive products, nice people, great documentation and knowledge sharing - I made mine your words!

Another thing we didn't mention - cisco often grants TAC access to customers without a support contract, especially in serious cases involving major defects.

marikakis Thu, 03/06/2008 - 07:55

Paolo, I have been writing code for non-cisco DSLAM for a couple of years. Problem with this networking business is that everything happens so fast. No time to do things better. Code is written quickly, testing is done quickly, mistakes are inevitable when you move fast. But we will get there eventually :-)

Kind Regards,


packetfish Thu, 03/06/2008 - 18:19

I am right there with you Maria... that's what I am saying too in way, way too many words!

The products are great, the people at Cisco I've been blessed with working with, all great.

But the code quality has been lacking for some time whether it's a 2811 or something as large as a GSR.

Cisco could do much better on that front. Much much better.

