Release Notes for Cisco PDSN Release 5.2 in IOS Release 12.4(22)XR7
Published: August 2010, OL-23372-01
Cisco IOS Release 12.4(22)XR7 is based on Cisco IOS Release 12.4, with enhancements to the Cisco Packet Data Serving Node (Cisco PDSN) feature. Cisco PDSN Release 5.2, based on IOS Release 12.4(22)XR7, is optimized for the Cisco PDSN feature on the Cisco Service and Application Module for IP (SAMI) card on the Cisco 7600 Series Router.
Contents
These release notes include important information and caveats for the Cisco PDSN software feature provided by the Cisco IOS 12.4(22)XR7 for the Cisco 7600 Series Router platform.
This release note describes:
•Upgrading to New Software Release
•Cisco PDSN Software Features in Release 12.4(22)XR7
•Obtaining Documentation and Submitting a Service Request
Introduction
Cisco PDSN is an IOS software feature that enables a SAMI card on a Cisco 7600 Series Router to function as a gateway between the wireless Radio Access Network (RAN) and the Internet. With Cisco PDSN enabled on a router, a stationary or roaming mobile user can access the Internet, a corporate intranet, or Wireless Application Protocol (WAP) services. Cisco PDSN supports both simple IP and mobile IP operations.
System Requirements
This section describes the system requirements for running Cisco IOS Release 12.4(22)XR7:
•Cisco PDSN Software Features in Release 12.4(22)XR7
Memory Requirements
To install Cisco PDSN Release 5.2 that supports the SAMI card on the Cisco 7600 Series Router, ensure that you meet the following memory requirements:
•Platform: Cisco 7600 Series Router
•Software/Feature Set: PDSN
•Image Name: 12.4(22)XR7 - c7svcsami-c6ik9s-mz.124.22.XR (This file is a bundled image.)
•Required Memory:
–Flash: 256 MB
–DRAM: 2048 MB
•Runs from: RAM
Hardware Supported
Cisco IOS Release 12.4(22)XR7 is optimized for the SAMI card on the Cisco 7600 Series Router.
You can use the Hardware-Software Compatibility Matrix tool to search for hardware components that are supported on a Cisco platform and an IOS release.
Note You must have a valid Cisco.com account to log in to this tool: http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Software Compatibility
Cisco IOS Release 12.4(22)XR7 is developed on Cisco IOS Release 12.4 and supports the features included in Cisco IOS Release 12.4, with the addition of the Cisco PDSN feature.
For information on the new and existing features, see Cisco PDSN Software Features in Release 12.4(22)XR7.
MIBs
Old Cisco MIBs will be replaced in a future release. Currently, OLD-CISCO-* MIBs have been converted to more scalable MIBs without affecting existing Cisco IOS products or NMS applications. You can update deprecated MIBs to the replacement MIBs, as shown in Table 1.
Migration to Cisco PDSN
This section describes the migration paths and scenarios for Cisco PDSN Release 5.2:
•Migration Path for Cisco PDSN
•Migration Scenarios for Cisco PDSN 5.2
Migration Path for Cisco PDSN
Table 2 lists currently available Cisco PDSN releases and the migration path to the SAMI card.
Migration Scenarios for Cisco PDSN 5.2
Based on Table 2, there are many possible migration scenarios. This section focuses on those scenarios closest to existing customer deployments. You must determine the migration path based on your end-to-end deployment.
Note
•We recommend that you perform the migration during a maintenance window in your deployment.
•You can also use this window for the following network redesign activities:
–Redesigning IP address scheme.
–Configuring the routing protocols.
–Configuring network connectivity between Cisco PDSN and the Home Agent (HA).
–Configuring application connectivity between Cisco PDSN and AAA servers.
–Configuring routing on the new SAMI Cisco PDSN or the HA.
Note For all these migration plans, both hardware and software configurations have significant changes. This requires prudent operation planning and network redesign. The Migration Steps section describes the possible migration steps to minimize both network reconfiguration and service disruption.
Table 3 lists the most common migration scenarios.
Migration Steps
Migration to the Cisco PDSN Release 5.2 image is more than replacing Multi-processor WAN Application Module (MWAM) cards with SAMI modules. Ensure that you plan your migration such that migration activities have a minimal impact on an existing mobile subscriber's service connections.
Table 4 lists the migration tasks that are based on the scenarios established in Table 3.
Upgrading to New Software Release
The following sections describe how to determine the existing software version and how to upgrade your Cisco PDSN:
•Determining the Software Version
•Upgrading the Supervisor Image
•Changing Configuration on Cisco PDSN in a Live Network
For information on upgrading to a new software release, see the product bulletin Cisco IOS Software Upgrade Ordering Instructions, located at:
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm
Determining the Software Version
To determine the version of Cisco IOS software running on your router, log in to the router and enter the show version command in the EXEC mode:
Router# show version
Cisco IOS Software, SAMI Software (SAMI-C6IK9S-M), Experimental Version 12.4(20100227:034944) [jsomiram-CDMA_PDSN_V124_22_XR_R52_DTHO_26022010 102]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Fri 26-Feb-10 19:50 by jsomiram
ROM: System Bootstrap, Version 12.4(20080703:222712) [plin2-sami-bouncer 104], DEVELOPMENT SOFTWARE
PDSN-Act-ftb3-83 uptime is 2 days, 22 hours, 31 minutes
System returned to ROM by reload at 05:43:51 UTC Fri Aug 1 2008
System restarted at 05:48:55 UTC Fri Aug 1 2008
System image file is "c7svcsami-c6ik9s-mz.CDMA_PDSN_V124_22_XR_R52_DTHO_26022010"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to export@cisco.com.
Cisco Systems, Inc. SAMI (MPC8500) processor (revision 2.2) with 786432K/262144K bytes of memory.
Processor board ID SAD121202VD
FS8548H CPU at 1250MHz, Rev 2.0, 512KB L2 Cache
1 Gigabit Ethernet interface
65536K bytes of processor board system flash (AMD S29GL256N)
Configuration register is 0x2102
Upgrading the Supervisor Image
To upgrade the Supervisor image:
Step 1 Copy the SUP image to the disks (for example, disk0: / slavedisk0:).
Step 2 Add the following command to the running configuration: boot system disk0:SUP-image-name. For example:
boot system disk0:s72033-advipservicesk9_wan-mz.122-18.SXE3.bin
Note To enable the image to reload, remove previously configured instances of this command.
Step 3 Run the write memory command to save the running-configuration on the active and standby SUP.
Step 4 Run the reload command on the active SUP.
Both active and standby SUP reload simultaneously and come up with the SXE3-based image.
Note Running the reload command on the active SUP causes both the active and standby Supervisors to reload simultaneously, causing some downtime during the upgrade process.
Upgrading the SAMI Software
To upgrade a Cisco PDSN image on the SAMI card, follow the directions at:
Changing Configuration on Cisco PDSN in a Live Network
To change the working configuration on a Cisco PDSN in a live environment:
Step 1 Bring the standby Cisco PDSN out of service.
For example, to isolate the standby Cisco PDSN from the session redundancy setup, you must run the no cdma pdsn redundancy command.
7600a-Stdy(config)# no cdma pdsn redundancy
Step 2 Run the write memory command to save the configuration.
Step 3 Make the necessary configuration changes on the standby Cisco PDSN, and save the configuration.
Step 4 Run the cdma pdsn redundancy command again and save the configuration.
Step 5 Issue the reload command to bring the standby Cisco PDSN back into the session redundancy setup with the changed configuration. Verify if the processor comes back in the SR setup using the following show commands:
7600a-Stdy# show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Gi0/0.101   300 110    Standby  20.20.101.10    local           20.20.101.101
7600a-Stdy# show cdma pdsn redundancy
CDMA PDSN Redundancy is enabled
CDMA PDSN Session Redundancy system status
  PDSN state = STANDBY HOT
  PDSN-peer state = ACTIVE
CDMA PDSN Session Redundancy Statistics
  Last clearing of cumulative counters never
                     Total                 Current
                     Synced from active    Connected
  Sessions           15                    15
  SIP Flows          15                    15
  MIP Flows          0                     0
  PMIP Flows         0                     0
7600a-Stdy# show redundancy inter-device
Redundancy inter-device state: RF_INTERDEV_STATE_STDBY
  Scheme: Standby
  Groupname: pdsn-rp-sr1 Group State: Standby
  Peer present: RF_INTERDEV_PEER_COMM
  Security: Not configured
7600a-Stdy# show redundancy states
my state = 8 -STANDBY HOT
peer state = 13 -ACTIVE
Mode = Duplex
Unit ID = 0
Split Mode = Disabled
Manual Swact = Enabled
Communications = Up
client count = 9
client_notification_TMR = 30000 milliseconds
RF debug mask = 0x0
7600a-Stdy#
Step 6 Configure the standby Cisco PDSN to take over as active by reloading the current active Cisco PDSN.
Caution Before proceeding with the configuration changes, we recommend that you disable the HSRP preemption configuration on the active and standby PDSN.
Because of a change of configuration following this step, an outage may occur on existing calls on the active PDSN (which is now being taken out of service) when synchronized with new active units.
Step 7 Configure the current standby Cisco PDSN using the procedures described from Step 1 to Step 5.
Note For Cisco PDSN SR to work properly, ensure that configurations on the active and standby Cisco PDSNs are identical.
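The Step 5 verification, written as a go/no-go check to run before the Step 6 reload of the active unit. This is an added example, not Cisco code: the function names, the active_sessions argument (the session count an operator reads from the active PDSN) and the STATES_BAD sample are assumptions made here; the other samples are abridged from the Step 5 output on this page.

```python
import re

# Abridged from the Step 5 output shown on this page.
STATES = """my state = 8 -STANDBY HOT
peer state = 13 -ACTIVE
Mode = Duplex
Communications = Up
client count = 9
"""
PDSN = """CDMA PDSN Redundancy is enabled
CDMA PDSN Session Redundancy system status
PDSN state = STANDBY HOT
PDSN-peer state = ACTIVE
CDMA PDSN Session Redundancy Statistics
Last clearing of cumulative counters never
Sessions 15 15
SIP Flows 15 15
MIP Flows 0 0
PMIP Flows 0 0
"""
INTERDEV = """Redundancy inter-device state: RF_INTERDEV_STATE_STDBY
Scheme: Standby
Groupname: pdsn-rp-sr1 Group State: Standby
Peer present: RF_INTERDEV_PEER_COMM
Security: Not configured
"""
# Constructed sample (not from the page): a unit that did not rejoin the SR setup.
STATES_BAD = """my state = 13 -ACTIVE
peer state = 1 -DISABLED
Mode = Simplex
Communications = Down Reason: Simplex mode
"""


def parse_kv(text):
    """Return {lowercased key: value} for 'key = value' and 'key: value' lines."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^=:]+?)\s*[=:]\s*(.+?)\s*$", line)
        if m:
            out[m.group(1).lower()] = m.group(2)
    return out


def parse_counters(text):
    """Return {row name: (first column, second column)} from the statistics rows."""
    rows = {}
    pattern = r"\s*(Sessions|SIP Flows|MIP Flows|PMIP Flows)\s+(\d+)\s+(\d+)\s*$"
    for line in text.splitlines():
        m = re.match(pattern, line)
        if m:
            rows[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return rows


def switchover_findings(states, pdsn, interdev, active_sessions=None):
    """Return (blockers, warnings); reload the active unit only if blockers is empty."""
    blockers, warnings = [], []
    s, p, i = parse_kv(states), parse_kv(pdsn), parse_kv(interdev)

    if not s.get("my state", "").endswith("STANDBY HOT"):
        blockers.append("RF state is not STANDBY HOT")
    if not s.get("peer state", "").endswith("ACTIVE"):
        blockers.append("RF peer is not ACTIVE")
    if s.get("communications") != "Up":
        blockers.append("RF communications are not Up")
    if "CDMA PDSN Redundancy is enabled" not in pdsn:
        blockers.append("cdma pdsn redundancy is not enabled")
    if p.get("pdsn state") != "STANDBY HOT" or p.get("pdsn-peer state") != "ACTIVE":
        blockers.append("PDSN session redundancy is not STANDBY HOT / ACTIVE")
    if i.get("peer present") != "RF_INTERDEV_PEER_COMM":
        blockers.append("inter-device peer is not in communication")

    counters = parse_counters(pdsn)
    if "Sessions" not in counters:
        blockers.append("no session counters in the output")
    elif active_sessions is not None and counters["Sessions"][1] != active_sessions:
        # Second column is the page's "Current Connected" count on the standby.
        blockers.append("standby holds %d sessions, active reports %d"
                        % (counters["Sessions"][1], active_sessions))

    # Not a blocker for the procedure, but worth recording in the change ticket.
    if i.get("security", "").lower() == "not configured":
        warnings.append("inter-device redundancy channel has no security configured")
    return blockers, warnings


if __name__ == "__main__":
    print(switchover_findings(STATES, PDSN, INTERDEV, active_sessions=15))
    print(switchover_findings(STATES_BAD, PDSN, INTERDEV))
```
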
Cisco PDSN Software Features in Release 12.4(22)XR7
Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.
Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of United States government regulations. When applicable, the purchaser or user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.
Cisco IOS Release 12.4(22)XR7 supports the same feature sets as Cisco Release 12.4; additionally, it supports the Cisco PDSN feature. Cisco PDSN Release 5.2 includes the following new and existing features:
•Base Station ID in MIP RRQ
•Service Option in MIP RRQ
•Counter for IPCP term request
•Simple IP Client IP Accounting Support
•SNMP New MIB Objects Per PCF
•Support for Common NAI
•Proxy MIP Changes for Latest IS-835
•Simple IPv6 Support
•Access-Request Attributes
•New PPP-per-PCF Counters
•VPDN Conditional Debugging
•GRE CVSE and MN NAI Extension in Revocation Message
•Single IP per Blade
•Osler Support
•Improved Throughput and Transaction Handling
•Cluster Controller Support in Single IP Blade
•IMSI and PCF Redirection
•Mobile IP and AAA Attributes for China Telecom
•Trap Generation for AAA Server Unresponsiveness
•Supervisor Support
•Data Over Signaling
•Differentiated Services Code Point Marking Support
•Nortel Aux A10 Support
•Masking Off IMSI Prefix
•Persistent TFT Support
•Conserve Unique IP-ID for FA-HA IP-in-IP Tunnel
•GRE CVSE Support in FA-HA Tunnel
•Remote Address Accounting
•Default Service Option Implementation
•Configurable Per-Flow Accounting Options
•IP Flow Discriminator Support for PCF Backward Compatibility
•Support for Remark DSCP to Max-class Value
•Command Support for Fragmentation Size
•New Statistics Counters for China Telecom
•Attribute Support
–Served MDN
–Framed Pool
–3GPP2 DNS Server IP
•Virtual Route Forwarding with Sub-interfaces
•Conditional Debugging Enhancements (for Cisco PDSN Release 4.1)
•Multiple Service Connections
•Data Plane
•Subscriber QoS Policy (both downloading per-user profile from the AAA server and configuring a local profile)
•QoS Signaling
•Traffic Flow Templates
•Per-flow Accounting
•Call Admission Control
•PDSN MIB Enhancements (for Cisco PDSN Release 4.0)
•PDSN on SAMI
•Inter-user Priority
•Roamer Identification
•Bandwidth Policing
•Packet Data Service Access—Simple IPv6 Access
•Session Redundancy Infrastructure
•RADIUS Server Load Balancing
•Subscriber Authorization Based on Domain
•PDSN MIB Enhancements
–PPP Counters in Cisco PDSN Release 3.0
–RP Counters in Cisco PDSN Release 3.0
•Conditional Debugging Enhancements—Trace Functionality in Cisco PDSN Release 3.0
•Randomized IMSI Handling
•Protocol Layering and RP Connections
•PPPoGRE RP Interface
•A11 Session Update
•SDB Indicator Marking
•Resource Revocation for Mobile IP
•Packet of Disconnect
•IS-835 Prepaid Support
•Prepaid Billing
•Mobile IP Call Processing per Second Improvements
•Always-On Feature
•PDSN MIB Enhancements
•Conditional Debugging Enhancements
•Cisco Proprietary Prepaid Billing
•3DES Encryption
•Mobile IP IPSec
•Hardware IPSec Acceleration Using IPSec Acceleration Module—Static IPSec
•1xEV-DO Support
•Integrated Foreign Agent
•AAA Server Support
•Packet Transport for VPDN
•Proxy Mobile IP
•Multiple Mobile IP Flows
•PDSN Cluster Controller / Member Architecture
Refer to the Cisco Packet Data Serving Node Release 5.2 for Cisco IOS Release 12.4(22)XR4 at https://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4_22_xr4/feature/guide/pdsn_5_2fcs_xr4.html for more information on the features.
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
Caveats for Cisco IOS Releases 12.4 are available on Cisco.com at: http://www.cisco.com/en/US/docs/ios/12_4t/release/notes/124TCAVS.html
The "Open Caveats" section lists open caveats that apply to the current release; they may also apply to previous releases.
The "Resolved Caveats" section lists caveats resolved in a particular release that may have been open in previous releases.
The "Product Documentation" section describes the product documentation that is available.
Note If you have an account with Cisco.com, you can use Bug Navigator II to find caveats of any severity for any release. You can access Bug Navigator II on Cisco.com at Software Center: Cisco IOS Software: Cisco Bug Toolkit: Cisco Bugtool Navigator II, or at http://www.cisco.com/support/bugtools.
Open Caveats
The following are the unresolved caveats in Cisco IOS Release 12.4(22)XR7 and earlier releases.
Unresolved Caveats in Cisco IOS Release 12.4(22)XR7
•CSCtc73759
The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml.
Note: The September 22, 2010, Cisco IOS Software Security Advisory bundled publication includes six Cisco Security Advisories. Five of the advisories address vulnerabilities in Cisco IOS Software, and one advisory addresses vulnerabilities in Cisco Unified Communications Manager. Each advisory lists the releases that correct the vulnerability or vulnerabilities detailed in the advisory. The table at the following URL lists releases that correct all Cisco IOS Software vulnerabilities that have been published on September 22, 2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20100922-bundle.shtml
Individual publication links are in "Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication" at the following link:
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep10.html
•CSCtd33567
The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-h323.shtml.
•CSCte14603
A vulnerability in the Internet Group Management Protocol (IGMP) version 3 implementation of Cisco IOS Software and Cisco IOS XE Software allows a remote unauthenticated attacker to cause a reload of an affected device. Repeated attempts to exploit this vulnerability could result in a sustained denial of service (DoS) condition. Cisco has released free software updates that address this vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-igmp.shtml.
•CSCtd86472
The Cisco IOS Software Network Address Translation functionality contains three denial of service (DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP) packets, the second vulnerability is in the translation of H.323 packets, and the third vulnerability is in the translation of H.225.0 call signaling for H.323 packets.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml.
•CSCtf17624
The Cisco IOS Software Network Address Translation functionality contains three denial of service (DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP) packets, the second vulnerability is in the translation of H.323 packets, and the third vulnerability is in the translation of H.225.0 call signaling for H.323 packets.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml.
•CSCtf91428
The Cisco IOS Software Network Address Translation functionality contains three denial of service (DoS) vulnerabilities. The first vulnerability is in the translation of Session Initiation Protocol (SIP) packets, the second vulnerability is in the translation of H.323 packets, and the third vulnerability is in the translation of H.225.0 call signaling for H.323 packets.
Cisco has released free software updates that address these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml.
•CSCsz43987
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml.
Cisco Unified Communications Manager (CUCM) is affected by the vulnerabilities described in this advisory. Two separate Cisco Security Advisories have been published to disclose the vulnerabilities that affect the Cisco Unified Communications Manager at the following locations:
http://www.cisco.com/warp/public/707/cisco-sa-20090826-cucm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100922-cucm.shtml
•CSCtf72678
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled.
Cisco has released free software updates that address these vulnerabilities. There are no workarounds for devices that must run SIP; however, mitigations are available to limit exposure to the vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100922-sip.shtml.
•CSCtc92933
When an IP packet of size 1,500 bytes with the DF-bit set is sent to a mobile, Cisco PDSN Release 5.2 routes the packet incorrectly. This behavior occurs for mobiles that negotiate ACCM as zero, where the IXP does the AHDLC encoding. When the IP packet is encapsulated with PPP and IP/GRE, the packet exceeds the 1,500-byte egress MTU and is fragmented at the A10 level in the PPC.
Workaround Configuring the MTU to 1,600 bytes ensures that the packet (after A10 encapsulation) does not fragment and is forwarded to the IXP.
•CSCth79911
When the downstream packets to PCF are encapsulated with GRE header, the DSCP value in the outer IP header is reset to 0.
This is because the Trusted bit is set to zero by IXP2.
The problem is seen for all the downstream packets towards the PCF encapsulated with GRE.
Workaround Enter the no mls qos command in configuration mode on the SUP.
Resolved Caveats
The following caveats are resolved in Cisco IOS 12.4(22)XR7:
Table 5 lists the resolved caveats in Cisco IOS Release 12.4(22)XR7.
Product Documentation
Table 6 describes the product documentation that is available.
Table 6 Product Documentation
Document Title / Available Formats
Release Notes for Cisco PDSN Release 5.2 in IOS Release 12.4(22)XR6
•On Cisco.com at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4_22_xr6/release/notes/124_22xr6rn.html
Command Reference for Cisco PDSN Release 5.2 in IOS Release 12.4(22)XR4
•On Cisco.com at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4_22_xr4/command/reference/pdsn_5_2cr_xr4.html
Cisco Packet Data Serving Node Release 5.2 for Cisco IOS Release 12.4(22)XR4
•On Cisco.com at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4_22_xr4/feature/guide/pdsn_5_2fcs_xr4.html
Related Documentation
Table 7 describes the related documentation that is available:
Table 7 Related Documentation
Document Title / Available Formats
Cisco IOS Mobile Wireless Packet Data Serving Node Configuration Guide, Release 12.4T
•On Cisco.com at: http://www.cisco.com/en/US/docs/ios/mwpdsn/configuration/guide/12_4t/mwp_12_4t_book.html
Documentation on Cisco 7600 Series Router
•On Cisco.com at: http://www.cisco.com/en/US/products/hw/routers/ps368/tsd_products_support_series_home.html
Documentation on Cisco Catalyst 6500 Series Switch
•On Cisco.com at: http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Documentation on Caveats for Cisco IOS Release 12.4
•On Cisco.com at: http://www.cisco.com/en/US/products/ps6350/prod_release_notes_list.html
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
© 2010 Cisco Systems, Inc.
All rights reserved.