Table Of Contents
Release Notes for Cisco ONS 15454
Note The terms "Unidirectional Path Switched Ring" and "UPSR" may appear in Cisco literature. These terms do not refer to using Cisco ONS 15xxx products in a unidirectional path switched ring configuration. Rather, these terms, as well as "Path Protected Mesh Network" and "PPMN," refer generally to Cisco's path protection feature, which may be used in any topological network configuration. Cisco does not recommend using its path protection feature in any particular topological network configuration.
Release notes address closed (maintenance) issues, caveats, and new features for the Cisco ONS 15454 SONET multiplexer. For detailed information regarding features, capabilities, hardware, and software introduced with this release, refer to the "Release 4.1.x and 4.5" version of the Cisco ONS 15454 Procedure Guide; Cisco ONS 15454 Reference Guide; Cisco ONS 15454 Troubleshooting Guide; and Cisco ONS 15454 and Cisco ONS 15327 TL1 Command Guide. For the most current version of the Release Notes for Cisco ONS 15454 Release 188.8.131.52, visit the following URL:
Cisco also provides Bug Toolkit, a web resource for tracking defects. To access Bug Toolkit, visit the following URL:
Changes to the Release Notes
This section documents supplemental changes that have been added to the Release Notes for Cisco ONS 15454 Release 184.108.40.206 since the production of the Cisco ONS 15454 System Software CD for Release 220.127.116.11.
The following changes have been added to the release notes for Release 18.104.22.168.
Changes to Resolved Caveats
The following resolved caveat has been added.
Review the notes listed below before deploying the ONS 15454. Caveats with tracking numbers are known system limitations that are scheduled to be addressed in a subsequent release. Caveats without tracking numbers are provided to point out procedural or situational considerations when deploying the product.
Path Protection Over 1+1 Provisioning Prior to Upgrade
The value of the NODE.circuits.upsr.AllowUpsrOverOnePlusOne NE default after a software upgrade is FALSE. To enable Path Protection over 1+1 you must set this default to TRUE in the Defaults editor window. To edit NE defaults refer to the "NTP-A164 Edit Network Element Defaults" procedure in the Cisco ONS 15454 Release 4.1 Network Element Defaults document.
Maintenance and Administration
Caution VxWorks is intended for qualified Cisco personnel only. Customer use of VxWorks is not recommended, nor is it supported by Cisco's Technical Assistance Center. Inappropriate use of VxWorks commands can have a negative and service affecting impact on your network. Please consult the troubleshooting guide for your release and platform for appropriate troubleshooting procedures. To exit without logging in, enter a Control-D (hold down the Control and D keys at the same time) at the Username prompt. To exit after logging in, type "logout" at the VxWorks shell prompt.
Note CTC does not support adding/creating more than 5 circuits in auto-ranged provisioning. This is as designed.
Path Protection Over 1+1 Operation
For Path Protection over 1+1 circuits double fault scenarios are not supported. If both the path protection and 1+1 are switched, traffic can be lost. To allow path protection functionality the 1+1 must be placed in "Forced to Working" state. The path protection selector can only be switched manually. To allow 1+1 functionality, the path protection selector must be in "Forced to working" state. In other words, at all times one of the selectors (path protection or 1+1) must be in the "Forced to Working" state to operate without traffic loss in this mode.
A protection switch of a path protection circuit over a 1+1 link does not update in the edit pane. To see the correct status, check the path protection switch status from the path protection selector window. This issue will not be resolved.
A false UNEQ-V alarm is raised when you create a one-way VT 1.5 path protection circuit over 1+1 SONET Protection. This issue will not be resolved.
Occasionally, an LOP-V alarm can fail to clear after a switch on a path protection over 1+1 VT 1.5 circuit. This can occur when you create a bidirectional VT 1.5 path protection circuit over 1+1 SONET protection, then apply a force to working to both selectors on one node. When you place the working trunk card of 1+1 Protection OOS, then place the port back in IS, LOP-V is raised but traffic is fine. Traffic comes back to the working 1+1 card after the WTR expires. But then when you release the force switch from the selector, the LOP-V fails to clear. This issue will not be resolved.
Creating a VT path protection over 1+1 protected circuit and then deleting the protection group results in AIS-V and a failure to switch to protect (FAILTOSW-PROT) alarm on the path protection protected circuit. This issue will not be resolved.
CTC or Cisco Transport Manager (CTM) communication to a node might be lost while the node is still able to respond to a ping. The CORBA interface on the node can be locked by sending invalid (non-Corba) data to the TCC IIOP listener port. When the CORBA interface is locked, legitimate CORBA communications are lost. To prevent this from occurring, the ONS 15454 should be placed on a secure network or behind a firewall. In the event that this issue arises, CTC/CTM management can be regained by performing a Manual TCC reset using TL1. This issue is resolved in Release 4.6.
When switching to the protect card in EC1 during 1:1 protection, IPPM goes blank. This is the result of incorrect handling of STS Path PMs (IPPM) in EC1 1:1 protection. This issue is resolved in Release 4.6.
A PCA circuit might be displayed as INCOMPLETE after a span upgrade; for example, when a BLSR span that is carrying PCA traffic is upgraded from OC-48 to OC-192. Although the circuit is reported as INCOMPLETE in CTC, traffic should be unaffected in this instance. To correct the display, restart CTC. This issue is resolved in Release 4.6.
The NE PWR-B alarm is not reported in CTC after an upgrade to Release 3.4.2. You can view the alarm through TL1. This issue is resolved in Release 5.0.
A 1+1 non-revertive system in which the protect card is reseated while the working card is present and active reverts back to working after you clear a Force to Protect or Manual to Protect. Affected cards are OC-3 8 port and OC-12 4 port. To work around this issue, soft-reset the working card with the protect card present and active. This issue will be resolved in Release 4.6.
Changed Default Alarm Severities
The following alarm severities have changed for Release 4.1.x.
Table 1 Changed Alarm Severities
Alarm New Severity
While using the orderwire capability of the AIC-I, you must not input a station number with less than 4 digits. If you enter, for example, 123, CTC will display 0123; however, you will not be able to ring the node by dialing either *123, or *0123. This issue will be resolved in Release 4.6.
Path level alarms are displayed on the CTC conditions pane for deleted circuits. This issue may occur on any circuit deletion case. The conditions may be cleared by a TCC side switch. This issue is resolved in Release 4.6.
Terminal loopback is provisionable even if the card is in transponder mode.
To see this, in the provisioning tab for a G1000 or G1K-4 card pick a pair of ports and set them to transpond with each other. The condition also holds true by picking one port and setting it to transpond with itself (one-port unidirectional). Once the transponder setting is provisioned, go to the Maintenance tab and attempt to provision terminal loopback on any of the ports that were previously provisioned for transponder functionality. CTC allows terminal loopback to be provisioned even though the setting has no effect due to the fact that the ports are performing transponder functions. If terminal loopback is truly intended, you should remove the transponder settings. A warning stating that terminal loopback has no effect if transponders are present will be displayed in Release 4.6.
Rarely, a PLM-P alarm on an OC-12 card might remain after deleting the affected STS-1 circuit. This condition persists even after deleting the affected card. If this occurs, you can reset the TCC2s to remove the stuck alarm. This issue is resolved in Release 4.6.
Rarely, when nodes appear gray in CTC and you view the BLSR tab at the network level, the tab may be blank. When this occurs, all tabs on the same level will also become blank. To avoid this issue, do not enter into the BLSR tab at the network view until all of the nodes are some color other than gray. This issue will be resolved in Release 4.6.
The switch indicator does not clear on the Maintenance > Protection tabs when a revertive 1:1 protection group is provisioned to be non-revertive. If this occurs, from the Maintenance > Protection tabs, select the slot with the "Switch" indicator. Click the "Clear" button. This issue is resolved in Release 4.6.
Simultaneous failure of working and protect cards in 1:N protection groups may not be alarmed as service affecting. This can occur when the working card of the protection group has been removed from the chassis, and the protect card of the protection group is subsequently issued a Manual Reset. Since the working and protect facilities are impaired, the Improper removal alarm should clear and be reissued as a Critical and service affecting condition. This issue will be resolved in Release 5.0.
When a fault condition exists against a circuit or port that is in the OOS-MT or OOS-AINS state (or when you are using the "Suppress Alarms" check box on the CTC Alarm Behavior pane), the alarm condition is not assigned a reference number. If you were to place the circuit or port in service at this time, in the absence of the reference number, the CTC alarm pane would display the condition with a time stamp indicating an alleged, but incorrect, time that the autonomous notification was issued. Clicking the CTC alarm "Synchronize" button at this stage will correct the alarm time stamp. There is no way to remedy the lack of reference number. This issue is resolved in Release 6.0.
CTC is unable to communicate with an ONS 15454 that is connected via an Ethernet craft port. CTC does, however, communicate over an SDCC link with an ONS 15454 that is Ethernet connected, yielding a slow connection. This situation occurs when multiple ONS 15454s are on a single Ethernet segment and the nodes have different values for any of the following features:
•Enable OSPF on the LAN
•Craft Access Only
When any of these features are enabled, the proxy ARP service on the node is also disabled. The ONS 15454 proxy ARP service assumes that all nodes are participating in the service.
This situation can also occur immediately after the aforementioned features are enabled. Other hosts on the Ethernet segment (for example, the subnet router) may retain incorrect ARP settings for the ONS 15454s.
To avoid this issue, all nodes on the same Ethernet segment must have the same values for Enable OSPF on the LAN, Enable Firewall, and Craft Access Only. If any of these values have changed recently, it may be necessary to allow connected hosts (such as the subnet router) to expire their ARP entries.
You can avoid waiting for the ARP entries to expire on their own by removing the SDCC links from the affected ONS 15454 nodes. This will disconnect them for the purposes of the proxy ARP service and the nodes should become directly accessible over the Ethernet. Network settings on the nodes can then be provisioned as desired, after which the SDCC can be restored.
This issue will not be resolved.
If a user is logged into CTC as a superuser (or other higher level security type), and then another superuser changes the first user's security level to "retrieve" (or another lower level security type) without first logging the user out, the lower level user is then still able to perform some actions authorized only for the original login security level. For example, a "provisioning" level user demoted to "retrieve" level in this manner can still provision and edit MS-SPRings (BLSRs) while logged into the current session, though the same user may no longer provision DCCs. To ensure that a user's level is changed completely, the superuser must log the user out prior to changing the security level. This issue is resolved in Release 4.6.
In the Maintenance > Cross Connect Resource Pane, the VT matrix port detail is inconsistent with the general VT matrix data. This can occur when a 1+1 protection scheme is in place. To avoid confusion, note that the VT matrix data counts the VTs for both the working and protect card, while the detail data counts the VTs only for the working card. This issue will be resolved in Release 4.6.
Rarely, CTC Network view can freeze following the deletion or addition of a node from or to a BLSR/MS-SPRing. This can result in the CTC Network view no longer updating correctly. If this occurs, restart CTC. This issue is resolved in Release 4.6.
An LOP-P alarm can be inadvertently cleared by an LOS that is raised and cleared. On OC48AS, OC192, and OC12-4 cards, when an LOP condition and an LOS condition are both present on the input, an LOS will be raised as per Telcordia GR 253 alarm hierarchy. However, upon clearing the LOS with the LOP still present, the LOP alarm, which should then be raised, is not. An AIS-P condition will be visible. This issue is resolved in Release 6.0.
Microsoft Windows XP uses more memory than previous Microsoft operating systems, and this may result in reduced CTC performance. To avoid reduced performance, you can:
•Limit the number of nodes you log into
•Avoid or limit bulk operations
•Avoid bulk circuit deletion
•Prevent CTC's discovery of DCC connected nodes by using the login "Disable Network Discovery" feature
•Prevent CTC's discovery of circuits unless needed by using the login "Disable Circuit Management" feature
Far end path FC-P is not counted on EC1 or OC3 cards. When a path defect is transmitted to the far end, it reports RDI-P. However, the condition is not examined and reported as a PM count. This issue is resolved in Release 5.0.
CVs are not positively adjusted after exiting a UAS state. When a transition has been made from counting UAS, at least 10 seconds of non-SES must be counted to exit UAS. When this event occurs, Telcordia GR-253 specifies that CVs that occurred during this time be counted, but they are not. This issue will not be resolved.
In a 1:N protection group, where a protect card is protecting a failed card and another working card, which is missing, has a lockon condition, upon removing the lockon condition from the missing working card, the protect card may switch from the card it had been protecting to carry the traffic of the missing working card that just had the lockon removed. To avoid this issue, replace the failed working card before removing the lockon. This issue is resolved in Release 6.0.
When the topology host is connected to multiple OSPF areas, but CTC is launched on a node that is connected to fewer areas, the topology host appears in CTC, and all nodes appear in the network view, but some nodes remain disconnected. This can occur when the CTC host does not have routing information to connect to the disconnected nodes. (This can happen, for example, if automatic host detection was used to connect the CTC workstation to the initial node.)
CTC will be able to contact the topology host to learn about all the nodes in all the OSPF areas, but will be unable to contact any nodes that are not in the OSPF areas used by the launch node. Therefore, some nodes will remain disconnected in the CTC network view.
To work around this issue, if no firewall enabled, then the network configuration of the CTC host can be changed to allow CTC to see all nodes in the network. The launch node must be on its own subnet to prevent network partitioning, and craft access must not be enabled. The CTC host must be provisioned with an address on the same subnet as the initial node (but this address must not conflict with any other node in the network), and with the default gateway of the initial node. CTC will now be able to contact all nodes in the network.
If a firewall is enabled on any node in the network, then CTC will be unable to contact nodes outside of the initial OSPF areas.
The following caveats apply for NE defaults.
•OC12-4 allows provisioning of PJStsMon from 0 to 48. The workaround is to limit provisioning to between Off and 1 to 12 only.
•CTC displays "PJStsMon=off" in the standard provisioning pane when provisioning PJStsMon off; however, TL1 and the NE Defaults editor both display 0 for this same condition.
•If you only make changes to a single default in the NE defaults editor, you must click on another default or column before the Apply button becomes functional.
The terminology used for provisioning overhead circuits has changed as of Release 3.4 as follows.
Overhead Circuit Types
•LDCC_TUNNEL has changed to DCC Tunnel D4-D12
•SDCC_TUNNEL has changed to DCC Tunnel D1-D3
Overhead Channel Types
•SDCC has changed to DCC1(D1-D3)
•LDCC_TUNNEL1 has changed to DCC2(D4-D6)
•LDCC_TUNNEL2 has changed to DCC3(D7-D9)
•LDCC_TUNNEL3 has changed to DCC4(D10-D12)
•LDCC has changed to DCC(D4-D12)
Note These circuits are now provisioned at the network level, rather than on a node-by-node basis.
When a new circuit is created around a ring (path protection or BLSR), the SD BER or SF BER alarm can be raised depending on the order in which the spans are provisioned. The alarms will eventually clear by themselves. Traffic is not affected. This issue will not be resolved.
CSCdx40462, CSCdx47176, CSCdw22170
While upgrading nodes from releases prior to 3.2, CTC might lose connection to the far end nodes. When this occurs, you will not be able to ping the grayed-out nodes; however, if you continue the upgrade, this problem resolves itself. This issue is resolved in Release 3.2, but can still occur when upgrading from nodes with earlier software releases.
XCVTs (both active and standby) reboot continuously when the K3 byte is mapped to the E2 byte on one side of a WTR span. The rebooting occurs after the WTR timer expires. This has been seen on a two fiber BLSR with OC-48AS. To avoid this issue, if possible, change the K3 mapping on both ends of the span before creating the ring; or, alternatively, you can prevent the ring from reverting during the K3 mapping by setting the Ring Reversion time to "never." Once you have completed the mapping of the K3 byte to the E2 byte on both sides, return the Ring Reversion to its normal value. This issue is resolved in Release 4.6.
ONS 15454 Conducted Emissions Kit
If you are deploying the Cisco ONS 15454 within a European Union country that requires compliance with the EN300-386-TC requirements for Conducted Emissions, you must obtain and install the Cisco ONS 15454 Conducted Emissions kit (15454-EMEA-KIT) in order to comply with this standard.
Upgrading to Use the G1000-4 Ethernet Card
Before installing or seating the G1000-4 Ethernet card on node running Release 3.1 or prior, you must upgrade the software on that node to Release 3.2 or later. This is as designed.
CSCdv10824: Netscape Plugins Directory
If you use CTC, JRE, and the Netscape browser with a Microsoft Windows platform, you must ensure that any new installation of Netscape uses the same Netscape directory as the previous installation did, if such an installation existed. If you install Netscape using a different path for the plugins directory, you will need to reinstall JRE so that it can detect the new directory.
When you auto-route a VT circuit on an ONS 15454 node, a path is computed based on the availability of STSs on the nodes involved. This selection process, when combined with a lack of VT matrix (or STS-VT connections) on an auto-route selected node, can result in the VT circuit creation failing with the message "unable to create connection object at node." To correct this situation, manually route VT circuits in cases when auto-routing fails. The error message will indicate which node is at issue.
"Are you sure" Prompts
Whenever a proposed change occurs, the "Are you sure" dialog box appears to warn the user that the action can change existing provisioning states or can cause traffic disruptions.
CSCdy48478 Fan Tray Assembly Fan Fail Lamp Test Failure
A user-initiated lamp test does not illuminate the fan fail LED on the fan tray assembly for the ONS 15454 or the ONS 15454 SDH. The lamp test successfully lights the LEDs for major, minor, and critical alarms on the fan tray, and for all cards in the chassis, but does not light the fan fail LED. An actual fan failure, however, will light the fan fail LED.
CWDM and DWDM GBIC Compatibility with G1000-4 Cards and G1K-4 Cards
G1000-4 cards support CWDM and DWDM GBICs. G1K-4 cards with the CLEI code of WM5IRWPCAA (manufactured after August 2003) support CWDM and DWDM GBICs. G1K-4 cards manufactured prior to August 2003 do not support CWDM or DWDM GBICs.
Note Operating temperature of the DWDM GBICs is -5 degrees C to 40 degrees C.
In a configuration with OC-48 Any Slot cards and an STS-24c circuit, provisioned between G1000-4 cards with traffic going over the OC-48 span, extracting the G1000-4 card at one end of the STS-24c circuit before deleting the circuit will result in a traffic hit on all existing SONET circuits defined over that same span. This only occurs when the STS-24c is provisioned on timeslot 25.
In the Cisco ONS 15454 Procedure Guide, Release 4.1.x, refer to the "NTP-77 Delete Circuits" procedure to delete the 24c circuit before removing the card. Once you have deleted the circuit, refer to the "DLP-191 Delete a Card from CTC" task (also in the procedure guide) to delete the G1000-4 card. This issue is resolved in Release 6.0.
Note Rarely, when the active TCC2 is removed, small traffic errors of 2 to 30 ms can sometimes occur. To avoid this issue, switch to the protect TCC2 before removing the working TCC2.
Under the conditions listed below, the DS1 card does not raise Loss of Frame for a Mismatched Frame Format. This can happen when you change from the correct frame format to an incorrect frame format, where the correct format is Unframed and the incorrect format is D4, and you switch from the incorrect, to correct, and back to the incorrect format. This issue is resolved in Release 5.0.
When a circuit is deleted from a DS3XM while DS1 loopbacks exist on the ports associated with that circuit, the loopbacks become frozen on those ports and cannot be removed. If this occurs, reestablish a circuit that uses those ports, then remove the loopbacks prior to deleting the circuit. This issue is resolved in Release 5.0.
A DS1 AINS circuit might change to IS state after two-fiber BLSR switch on a mixed-node network with one ONS 15327 and two ONS 15454s. This issue is resolved in Release 5.0.
Deleting a DS3I 1:N protection group might leave the protect card LED in a standby state. This can occur in a DS3I 1:N protection group with a LOCKON applied to the working card (ONS 15454 ANSI chassis only). Upon deleting the protection group, the LED on the protect DS3I card and the CTC display are still in the standby state. Soft reset the protect card to update the LED on the card and in CTC. An alternative workaround is to remove the LOCKON before deleting the protection group. This issue will be resolved in a future release.
Terminal loopback on DS3XM-6 card may not work properly. AIS-P may be transmitted towards the system (away from the line side) direction. A VT circuit newly created to the DS3XM-6 with no valid input signal to the port can cause this. A terminal loopback will not work because AIS-P is being transmitted towards the system direction. To avoid this issue, apply a valid signal to the input port for the DS3XM card for at least 10 seconds with no terminal or facility loopback applied to that particular port. After receiving a valid signal for this time period, the terminal loopback will function properly even if the input signal is disconnected from the DS3XM port. This issue is resolved in Release 4.6.
When using KLM type fuses with specific types of fuse and alarm panels, the PWR-REDUN alarm may not be displayed once the fuse is blown. A KLM fuse does not have a blown fuse indicator build into it. As a result, the blown fuse detection circuitry on the FAP may continue to provide voltage on its output despite a blown fuse.
Ethernet Polarity Detection
The TCC2 does not support polarity detection & correction on the LAN Ethernet port. This is a change from prior common control cards, such as the TCC+. If your LAN Ethernet connection has the wrong polarity (due to incorrect wiring on the backplane wire-wrap pins), the connection will work when using a TCC+, but not with a TCC2. To avoid possible problems, ensure that your Ethernet cable has the correct mapping of the backplane wire-wrap pins. For Ethernet pin mappings, consult the "DLP-A 21 Install LAN Wires on the Backplane" procedure in the user documentation.
If you are using a TCC+, the Release 4.0 or 4.1.x software will report the polarity issue (previous releases do not), by raising the standing condition: LAN Connection Polarity Reverse Detected (COND-LAN-POL-REV). Also, notification will appear on the fan tray LCD, which will display "BP LAN POL. NEG." The issue will typically be reported during the software upgrade process, but can also be raised during a new installation when using TCC+ and Release 4.0 or 4.1.x.
If this is a new installation with a TCC2 and you have the Ethernet polarity reversed, the TCC2 will not communicate over the LAN Ethernet interface (no polarity correction will occur), and no condition will be reported, nor will the fan tray LCD indicate an issue.
SONET and SDH Card Compatibility
Tables 1, 2, and 3 list the cards that are compatible for the ONS 15454 SONET and ONS 15454 SDH platforms. All other cards are platform specific.
Performing cross connect card switches repeatedly might cause a signal degrade condition on the lines or paths that can trigger switching on these lines or paths. If you must perform repeated cross connect card switches, lock out the corresponding span (path protection, BLSR, or 1+1) first. This issue is resolved in Release 6.0.
When an OC-N card is seeing LOS and the problem is resolved (for example, the pulled fiber is reinserted) the LOS will normally clear quickly, and any other errors seen on the signal will be raised. However, in the special case where the restored signal is unframed, the LOS will remain raised (that is, the LOS will not be replaced by an LOF). This is standard SONET behavior per Telcordia GR-253 R6-57, Method 1, where to clear LOS the signal must also contain valid framing alignment patterns.
When an SDH signal is sent into an ONS 15454 OC-12/STM-4 (IR, 1310 LR and 1550 LR) or an OC-48/STM-16 high-speed (IR and LR) port which has been configured to support SDH, an SD-P (Signal Degrade) alarm will appear as soon as the circuit is created. This alarm will continue to exist until the circuit is deleted.
To avoid this problem, when provisioning an OC-12/STM-4 (IR, 1310 LR and 1550 LR) or an OC-48/STM-16 high-speed (IR and LR) port to support SDH, disable the signal degrade alarm at the path level (SD-P) on the port.
Also, PM data at the path level will not be reliable. You must set associated threshold values to 0 in order to avoid threshold crossing alerts (TCA) on that port. The path threshold values to set to zero are CV-P, ES-P, SES-P, and UAS-P.
These issues are the result of a hardware limitation, and there are no current plans to resolve them.
If you are using an XC10G with OC-48, you must use either OC-48AS or OC-48 cards with a revision number higher than 005D.
Jitter Performance with XC10G
During testing with the XC10G, jitter generation above 0.10 UI p-p related to temperature gradient testing has been observed. This effect is not expected to be seen under standard operating conditions. Changes are being investigated to improve jitter performance in a future release. Defect numbers related to this issue include CSCdv50357, CSCdv63567, CSCdv68418, CSCdv68441, CSCdv68389, CSCdv59621, and CSCdv73402.
Active Cross Connect (XC/XC10G/XCVT) or TCC+/TCC2 Card Removal
You must perform a lockout in BLSR, path protection, and 1+1 before physically removing an active cross connect (XC/XC10G/XCVT) or TCC+/TCC2 card. The following rules apply.
Active cross connect (XC/XC10G/XCVT) cards should not generally be physically removed. If the active cross connect or TCC+/TCC2 card must be removed, you can first perform an XC/XCVT/XC10G side switch or TCC+/TCC2 reset and then remove the card once it is in standby, or you can perform a lockout on all circuits that originate from the node whose active cross connect or active TCC+/TCC2 will be removed (performing a lockout on all spans will also accomplish the same goal). No lockout is necessary for switches initiated through CTC or through TL1.
In a 1:N protection group, traffic loss could occur if a DS-N card is preprovisioned and then added to the group while another working card in the group is removed from its slot. To avoid this, before adding slots to a protection group ensure that:
•The protect card is not actively carrying traffic (that is, the card is in standby)
•Any working slot you add to the group actually contains a working card at the time you add it
This issue is resolved in Release 5.0.
E Series and G Series Cards
Note When using ONS 15327s as passthrough nodes with Release 3.2, you cannot create 9c or 24c gigabit Ethernet circuits through any 15327.
On Cisco ONS 15454s equipped with XC or XCVT cross-connect cards, neither the E100T-12 nor the E1000-2 cards raise an alarm or condition in CTC when Ethernet traffic is predictably lost due to the following circumstances:
Circuits exist between Ethernet cards (E100T-12 and/or E1000-2) built over Protection Channel Access (PCA) bandwidth on BLSR spans. When BLSR issues a switch, the PCA bandwidth is preempted. Since there is no longer a connection between the ends of the Ethernet circuit, traffic is lost.
Note In nodes equipped with XC10G, these Ethernet cards will raise an AIS-P condition.
This issue will be resolved in a future release.
Multicast traffic can cause minimal packet loss on the E1000-2, E100-12, and E100-4 cards. Packet loss due to normal multicast control traffic should be less than 1%. This issue was resolved in Release 2.2.1 for broadcast, and in Release 2.2.2 for OSPF, and some multicast frames. As of Release 3.0.3, the ONS 15454 supports HSRP, CDP, IGMP, PVST, and EIGRP, along with the previously supported broadcast and OSPF.
Note If multicast is used for such applications as video distribution, significant loss of unicast and multicast traffic will result. These cards were not designed for, and therefore should not be used for, such applications.
Note If the multicast and flood traffic is very rare and low-rate, as occurs in most networks due to certain control protocols and occasional learning of new MAC addresses, the loss of unicast frames will be rare and likely unnoticeable.
Note A workaround for this issue is to use the port-mapped mode of the E-series cards.
Multicast MAC addresses used by the following control protocols have been added to the static MAC address table to guarantee no loss of unicast traffic during normal usage of these MAC addresses:
Do not use the repair circuit option with provisioned stitched Ethernet circuits.This issue is under investigation.
Starting with Release 2.2.0, each E100/E1000 card can be configured as a single-card EtherSwitch configuration to allow STS-12c of bandwidth to be dropped at each card. The following scenarios for provisioning are available:
2. 6c, 6c
3. 6c, 3c, 3c
4. 6c, six STS-1s
5. 3c, 3c, 3c, 3c
6. 3c, 3c, six STS-1s
7. Twelve STS-1s
When configuring scenario 3, the STS-6c must be provisioned before either of the STS-3c circuits.
When deleting and recreating Ethernet circuits that have different sizes, you must delete all STS circuits provisioned to the EtherSwitch before you create the new circuit scenario. (See the preceding "Single-card EtherSwitch" section for details on the proper order of circuit creation.) Enable front ports so that the VLANs for the ports are carried by the largest circuit first. A safe approach is to enable the front port before you create any circuits and then retain the front port VLAN assignment afterwards. If you break the rules when creating a circuit, or if you have to delete circuits and recreate them again, delete all circuits and start over with the largest first.
Whenever you drop two 3c multicard EtherSwitch circuits onto an Ethernet card and delete only the first circuit, you should not provision STS-1 circuits to the card without first deleting the remaining STS-3c circuit. If you attempt to create an STS-1 circuit after deleting the first STS-3c circuit, the STS-1 circuit will not work and no alarms will indicate this condition. To avoid a failed STS-1 circuit, delete the second STS-3c prior to creating any STS-1 circuit.
When an ML-series circuit's state is provisioned from In-Service (IS) to Out-of-Service (OOS), and then back to IS, data traffic does not recover. To avoid this issue, prior to changing the state from IS, set the POS port to shut down on the CLI. After the state is changed back to IS from OOS, set the POS port to "no shutdown." This issue is resolved in Release 4.6.
Disconnecting a transmit fiber on an ML1000 port causes only the neighboring port to take the link down. Ideally, both ports should identify that the link went down so upper layer protocols can reroute the traffic to a different port. To work around this situation, issue "shutdown" and "no shutdown" to the port that has the disconnected or faulty transmit fiber. This issue is resolved in Release 4.6.
SPR input counters do not increment on a BVI with an SPR interface. This issue will not be resolved.
A monitor command may disappear from the configuration after a TCC reboots. To avoid this issue, use the exec command, "terminal monitor," instead (a minor drawback is that this command applies to all VTYs), or, alternatively, reapply the monitor command after connection is lost. This is as designed.
Packets discarded due to output queue congestion are not included in any discard count. This occurs under either of the following conditions:
•Traffic on ML-series cards between Ethernet and SONET ports, with oversubscription of available circuit bandwidth configured, leading to output queue congestion.
•Traffic from SONET to Ethernet, with oversubscription of the available Ethernet bandwidth.
This issue is resolved in Release 4.6.
The ML-series cards always forward Dynamic Trunking Protocol (DTP) packets between connected devices. If DTP is enabled on connected devices (which might be the default), DTP might negotiate parameters, such as ISL, that are not supported by the ML-series cards. All packets on a link negotiated to use ISL are always counted as multicast packets by the ML-series card, and STP and CDP packets are bridged between connected devices using ISL without being processed. To avoid this issue, disable DTP and ISL on connected devices. This functionality is as designed.
Under certain conditions, the flow-control status may indicate that flow control is functioning, when it is not. Flow-control on the ML-series cards only functions when a port-level policer is configured. A port-level policer is a policer on the default and only class of an input policy-map. Flow-control also only functions to limit the source rate to the configured policer discard rate, it does not prevent packet discards due to output queue congestion.
Therefore, if a port-level policer is not configured, or if output queue congestion is occurring, policing does not function. However, it might still mistakenly display as enabled under these conditions. To avoid this issue, configure a port-level policer and prevent output queue congestion. This issue will not be resolved.
Issuing a shutdown/no shutdown command sequence on an ML1000 port clears the counters. This is a normal part of the startup process and there are no plans to change this functionality.
When a circuit between two ML POS ports is provisioned OOS, one of the ports might erroneously report TPTFAIL. This issue exists for both ML100T-12 and ML1000-2 cards. If this occurs, open a console window to each ML card and configure the POS port to shutdown. This issue is resolved in Release 4.6.
No warning is displayed when applying OOS to ML drop ports on the circuit provisioning window. This issue is resolved in Release 5.0.
When configuring the same static route over two or more interfaces, use the following command:
ip route a-prefix a-networkmask a.b.c.d
Where a.b.c.d is the address of the outgoing gateway, or, similarly, use the command:
ip route vrf vrf-name
Do not try to configure this type of static route using only the interface instead of the address of the outgoing gateway.
If no BGP session comes up when VRF is configured and all interfaces have VRF enabled ensure that at least one IP interface (without VRF) is configured and add an IP loopback interface on each node. This issue will not be resolved.
POS ingress classification based on IP precedence does not match the packets when inbound policy map classifying based on IP precedence is applied to the POS interface, which is configured for HDLC or PPP encapsulation. To avoid this issue, use LEX encapsulation (default) or, at the Ethernet ingress point, mark the COS based on an IP precedence classification, then classify based on the COS during POS ingress. This issue is resolved in Release 4.6.
ML-100 FastEthernet MTU is not enforced. However, frames larger than 9050 bytes may be discarded and cause Rx and Tx errors.
Issuing a "clear IP route *" command can result in high CPU utilization, causing other processes to be delayed in their execution. To avoid this issue do not clear a large number of route table entries at once, or, if you must use the "clear IP route *" command, do not install more than 5000 EIGRP network routes.
CSCds13769: Fujitsu FLM-150 and Nortel OC-3 Express
You cannot provision the FLM-150 and OC-3 Express in 1+1 revertive switching mode. The problem occurs when the ONS 15454 issues a user request in revertive mode to the protect channel. When the user request is cleared, the ONS 15454 issues a No Request. However, the FLM-150 and OC-3 Express issues a Do Not Revert, which causes traffic to remain on the protection channel. Based on GR-253, section 22.214.171.124, the FLM-150 and the OC-3 Express should respond with a No Request.
If a four-fiber BLSR execute MS-R or WTR coexists with SF-P on the same span and FS-R is issued on a different span in the ring, the FS-R preempts the MS-R or WTR, causing a traffic outage. The ring switch is removed, but one side remains in the ring switch state. To recover from this situation, issue a lockout of the protect span on the span that raised the ring switch event. This issue is resolved in Release 4.6.
CSCeb24331 and CSCeb40119
If you create a four-fiber BLSR with a VT circuit on it, then delete the circuit and the ring, then created a two-fiber BLSR on the same ports, you may see an unexpected AIS-V on the path, even before any additional circuit is created. A soft switch of the TCC will clear the AIS-V condition. This issue is resolved in Release 4.6.
Circuit states are not updated after a span update. If you update a four node OC-12 two-fiber BLSR to a four node OC-192 two-fiber BLSR, the previous PCA circuits should be shown as two-fiber BLSR protected, but they are shown as "UNKNOWN" protected. If you relaunch CTC this situation is corrected. This issue is resolved in Release 5.0.
DS3 PCA traffic may take up to 20 seconds to recover after a BLSR switch is cleared. This can occur with DS3 PCA traffic on two-Fiber or four-Fiber BLSR configuration with XCVT cards in the same nodes as the DS3 cards. This issue will be resolved in a future release.
In a two-fiber or four-fiber BLSR, MS-RFI is not reported for an LOS or LOF with a ring lockout in place on a different span. This issue is resolved in Release 5.0.
Failing the working and protect spans on a four-fiber BLSR while an extra traffic circuit runs over the span and a lockout is on the span can cause the extra traffic to permanently fail, with no AIS.
The failure scenario is only reproducible by failing and restoring fibers in the following sequence.
Step 1 Create a four-fiber BLSR.
Step 2 Create extra traffic circuits (one or more) over one of the spans, say, from Node A east to Node B west. At Node A, issue a lockout span east. This causes the BLSR to not switch in the event of a span failure.
Step 3 At node A, remove the working transmit fiber east, then remove the protect transmit fiber east. Both protected traffic and extra traffic are down, as expected.
Step 4 Reinsert the protect transmit fiber east, then reinsert the working transmit fiber east. Protected traffic is restored, but extra traffic is not restored.
If this issue occurs, clear the lockout span. All extra traffic is immediately restored. You may then reissue the lockout span. This issue is resolved in Release 4.6.
Ethernet circuits may appear in the CTC circuit table with an INCOMPLETE status after a BLSR/MSSP span is upgraded. The circuits, when this occurs, are not truly incomplete. They are unaffected and continue to carry traffic. To see the circuit status correctly, restart CTC. This issue is resolved in Release 4.6.
Traffic that should be dropped remains unaffected when a BLSR Protection Channel Access (PCA) VT tunnel is placed OOS. You must place all circuits in the tunnel OOS before the traffic will be dropped. This issue is resolved in Release 5.0.
The two protect OC48AS cards at the ends of a four fiber BLSR span must both be configured as either K3 or Z2 (not a mixture). If both ends are not the same, the BLSR may fail to switch correctly. In Release 3.4 the BLSR wizard ensures that both ends are configured correctly; however, you must still avoid manually changing the value on one side only (and hence, causing a mismatch) at the card level. If you do mismatch bytes at the card level, you can discover this by going to the BLSR edit map tied in with the BLSR wizard. The mismatched span will be red, and right-clicking on the span will allow you to correct the problem.
You must lock out protection BLSR, 1+1, and path protection traffic to avoid long, or double traffic hits before removing an active XC, XCVT, or XC10G card. You should also make the active cross connect card standby before removing it.
When configuring a node with one 4 Fiber BLSR and one 2 Fiber BLSR, or with two 2 fiber BLSRs, an issue exists related to the version of XC deployed. Revision 004H and earlier revisions of the XC do not support these configurations. All later revisions of the XC and all versions of the XCVT and XC10G cross connects support all permutations of two BLSRs per node.
In a two ring, two fiber BLSR configuration (or a two ring BLSR configuration with one two fiber and one four fiber ring) it is possible to provision a circuit that begins on one ring, crosses to a second ring, and returns to the original ring. Such a circuit can have protection vulnerabilities if one of the common nodes is isolated, or if a ring is segmented in such a way that two non-contiguous segments of the circuit on the same ring are each broken.
VT1.5 and VC3/VC12 squelching is not supported in BLSR/MSSPR.
Database Restore on a BLSR
When restoring the database on a BLSR, follow these steps:
Step 1 To isolate the failed node, issue a force switch toward the failure node from the adjacent east and west nodes.
Step 2 If more than one node has failed, restore the database one node at a time.
Step 3 After the TCC+/TCC2 has reset and booted up, release the force switch from each node.
Path Protection Functionality
With a VT path protection circuit, if you inject signals with a thru-mode test set into one path of the circuit in a particular order, you may not see the appropriate alarms. This can occur when you first inject LOP-P, then clear, then inject LOP-V. This issue will not be resolved.
When a path protection circuit is created end-to-end, CTC might not create the cross-connection on all the nodes along the path at the same time. This might cause an SD-P condition along the path. When the circuit is fully provisioned on all nodes, the SD-P will clear automatically. Other conditions that can be expected while the circuit is being created are LOP-P and UNEQ-P. To reduce the risk of unexpected transient conditions, circuits should be created in the OOS_AINS state.
Active Cross Connect (XC/XC10G/XCVT) or TCC+/TCC2 Card Removal
As in BLSR and 1+1, you must perform a lockout on path protection before removing an active cross connect or TCC+/TCC2 card. The following rules apply to path protection.
Active cross connect (XC/XC10G/XCVT) cards should not generally be physically removed. If the active cross connect or TCC+/TCC2 card must be removed, you can first perform an XC/XCVT/XC10G side switch or TCC+/TCC2 reset and then remove the card once it is in standby, or you can perform a lockout on all circuits that originate from the node whose active cross connect or active TCC+/TCC2 will be removed (performing a lockout on all spans will also accomplish the same goal). No lockout is necessary for switches initiated through CTC or through TL1.
If you create a 1+1 protection group, create a circuit on the working line, and then try to retrieve the path PMs on the protect side using TL1, the request is denied. To work around this issue, use CTC to retrieve the Path PMs on the protect line. This issue is resolved in Release 5.0.
In the CTC Performance > Statistics tab of the G1000-4 or G1000-2, there are no entries for Rx/Tx Multicast and Broadcast packets. This issue is resolved in Release 4.6.
The following two notes on page 5-30 of the Cisco ONS 15454 Reference Manual, R4.1.x and R4.5 should be replaced.
Note G-Series cards manufactured before August 2003 do not support DWDM GBICs. G1000-4 cards compatible with DWDM GBICs have a CLEI code of SNP8KW0KAB. Compatible G1K-4 cards have a CLEI code of WM5IRWPCAA.
Note All versions of G1000-4 and G1K-4 cards support CWDM GBICs.
The replacement information is contained in CWDM and DWDM GBIC Compatibility with G1000-4 Cards and G1K-4 Cards.
Transponder (TXP_MR_10G) and Muxponder (MXP_2.5G_10G) Documentation
The documentation set for the Cisco ONS 15454 contains references to new transponder (TXP_MR_10G) and muxponder (MXP_2.5G_10G) cards. These portions of the documentation are meant to refer to cards that will become available with a future release. The nXP cards are not available with Release 4.1.x. Cisco apologizes for any confusion this may cause.
Note To be compatible with TL1 and DNS, all nodes must have valid names. Node names should contain alphanumeric characters or hyphens, but no special characters or spaces.
The TL1 ED-USER-SECU command fails to modify an empty password. This issue will be resolved in a future release.
Rarely, TL1 autonomous messages might not be displayed in a session after several days of PM-related provisioning changes. This issue will be resolved in Release 5.0.
An exception is raised when retrieving PM stats via TL1 for the protect card of a 1:1 protection group when the working card is active. To avoid this issue, retrieve stats from the working card instead of the protect card. This issue is resolved in Release 4.6.
In one rare case, the ONS 15454/15327 times out a user session without communicating the timeout to TL1. If this happens, the TL1 user remains logged in, although the session is actually timed out. This can occur when you log into the node with a timeout of X minutes. If the user session sits idle for all but 5 seconds of the X minutes, then you have only 5 seconds to type in a command to notify the node that the session is active. If you try this, you will likely miss the five second window, in which case the node will respond as though the session is inactive and deny access. However, because you have typed a key, irrespective of the five second window, TL1 responds as though the session is active and does not log you out (time out). You will not have access to the node and will receive a "DENY" response to TL1 commands. The error message may vary depending on commands issued. To recover from this situation, log out and log back in to TL1. This issue is resolved in Release 4.5.
The TL1 COPY-RFILE command, used for SW download, database backup, and database restore, currently does not allow a user-selected port parameter to make connections to the host. The command expects the default parameter of Port 21 and will only allow that number. This issue is resolved in Release 5.0
When a TL1 session to a remote node (ENE) is established via a gateway node (GNE) and you have changed the node name of the ENE via either TL1, CTC or SNMP, then you must wait for about 30 seconds to issue a TL1 command via the GNE. This delay is to permit the updates to propagate to all nodes in the network. During this transition, neither the old node name nor the new node name can be used in the TL1 session to access the ENE. This 30 second window may be reduced in a future release.
Resolved Software Caveats for Release 126.96.36.199
The following items are resolved in Release 188.8.131.52.
CSCdv05723 and CSCdw37046
DS-3 traffic hits can occur during synchronization changes (frequency offsets applied) on the node's timing.
A specific scenario under which this has been seen involves configurations with multiple nodes line-timed off each other in series. If a network configuration has a DS-3 circuit routed over a chain of nodes that are line-timed off each other in sequence (more than 1 line-timed "hop"), the DS-3 traffic might exhibit errors on timing disturbances applied on the source node.
The other scenario involves an abrupt change in reference frequency between two nodes. This can result in test set errors.
This issue is resolved in Release 4.1.
When DS1-14 cards are used and ports are provisioned for B8ZS/ESF, random DS1-14 ports raise LOF and Tx-AIS, though terminating equipment is configured and connected properly. DS1 traffic goes down and terminating equipment raises AIS. Setting the DS1-14 ports on the ONS 15454 to unframed should avoid this issue. Connected DS1 equipment can remain provisioned for B8ZS/ESF. This issue is resolved in Releases 4.1.8, 5.0.2, and 6.0.
Rarely, a MFGMEM alarm is raised incorrectly against the backplane (BP) on an ONS 15454 node using the 15454-SA-HD (high density) or 15454-SA-ANSI chassis with TCC2 cards. The alarm is raised due to the inability of the TCC2 card to correctly read the EEPROM. Less than 0.02% of nodes in this hardware configuration are known to be affected.
In Release 5.0.2, when using the TCC2 in combination with the 15454-SA-HD, and the DS3/EC1-48 card, failure of the TCC2 to correctly read the EEPROM can cause a loss of traffic. The failure scenario can occur because, while using the ONS 15454 high density (HD) shelf, the inability to read the EEPROM correctly leads the TCC2 to incorrectly identify the shelf as an ONS 15454 ANSI shelf, and, in Release 5.0.2, when using DS3/EC1-48 cards, this can result in the DS3/EC1-48 cards being deleted from the database. This aspect of the issue only occurs in Release 5.0.2. The alarm itself is not service affecting in releases prior to Release 5.0. This issue is attributed to a failure to check and verify the correct content in the EEPROM.
This issue is most likely to occur during turn-up of a new node. The issue can also occur if a new TCC2 is installed in the shelf, or during a first switchover operation. Cisco recommends upgrading to Release 5.0.4 if you deploy the DS3/EC1-48 to avoid this issue. To recover from this issue, side switch the affected TCC2 back to the protect card. If the issue persists, call the Cisco TAC. This issue is resolved in Releases 184.108.40.206, 4.6.6, 5.0.4, 5.0.5, and 6.0.
When a DS1 port on the XTC card (ONS 15327) or the on the DS1 card (ONS 15454) is configured as ESF frame format, and is connected to external DS1 equipment that transmits a malformed Performance Report Message (PRM) on the Facility Data Link (FDL), the XTC or DS1 card cannot manage the malformed PRM and will reset each time it receives one (so the symptom of this issue is multiple repeated resets on an XTC or DS1 card configured for ESF). To avoid this issue, change the frame format from ESF to Unframed on the DS1 ports on the ONS 15327 or ONS 15454. This allows you to keep your settings on the external DS1 equipment and not lose traffic. Some functionality of alarms, such as LOF, or of any line PMs that look into the DS1 header for information will be lost, however, in this method of avoiding an XTC/DS1 reset. This issue is resolved in Releases 4.1.7 and 5.0.
Malformed IP packets can potentially cause the XTC, TCC/TCC+/TCC2 and TCCi/TCC2 control cards to reset. Repeated transmission of these malformed packets could cause both the control cards to reset at the same time. This issue is resolved in Release 5.0, and maintenance Releases 4.1.4, 2.3.5, 4.0.3, and 4.6.2.
Malformed ICMP packets can potentially cause the XTC, TCC/TCC+/TCC2 and TCCi/TCC2 control cards to reset. Repeated transmission of these malformed packets could cause both the control cards to reset at the same time. This issue is resolved in Release 5.0, and maintenance Releases 4.1.4, 2.3.5, 4.0.3, and 4.6.2.
CSCec88426, CSCec88508, CSCed85088
Malformed TCP packets can potentially cause the XTC, TCC/TCC+/TCC2, and TCCi/TCC2 control cards to reset. Repeated transmission of these malformed packets could cause both the control cards to reset at the same time. This issue is resolved in Release 5.0, and maintenance Releases 4.1.4, 2.3.5, 4.0.3, and 4.6.2.
CSCec59739, CSCed02439, CSCed22547
The XTC, TCC/TCC+/TCC2 and TCCi/TCC2 control cards are susceptible to a TCP-ACK Denial of Service (DoS) attack on open TCP ports. The controller card on the optical device will reset under such an attack.
A TCP-ACK DoS attack is conducted by withholding the required final ACK (acknowledgement) for a 3-way TCP handshake to complete, and instead sending an invalid response to move the connection to an invalid TCP state. This issue is resolved in maintenance Releases 4.1.4, 2.3.5, 4.0.3, and 4.6.2.
CSCec88402, CSCed31918, CSCed83309, CSCec85982
Malformed UDP packets can potentially cause the XTC, TCC/TCC+/TCC2, and TCCi/TCC2 control cards to reset. Repeated transmission of these malformed packets could cause both the control cards to reset at the same time. This issue is resolved in Release 5.0, and maintenance Releases 4.1.4, 2.3.5, 4.0.3, and 4.6.2.
CSCea16455, CSCea37089, CSCea37185
Malformed SNMP packets can potentially cause the XTC, TCC/TCC+/TCC2 and TCCi/TCC2 control cards to reset. Repeated transmission of these malformed packets could cause both the control cards to reset at the same time. This issue is resolved in Release 4.6, and maintenance Releases 4.0.1, 4.0.3, and 4.1.3.
The High Temperature Alarm is raised at 50 degrees Celsius. This is, however, not optimal on an Itemp rated system, which can tolerate up to 65 degrees Celsius. To work around this issue, the alarm can be downgraded or suppressed, but note that this will result in no temperature alarm provided at all. Alternatively, Cisco TAC provides a method of retrieving the temperature from the node, which can thus be monitored periodically for temperature-related problems. This issue is resolved in Release 4.6, and in maintenance Release 4.1.3.
In Releases 4.0, 4.0.1, and 4.1 the standby TCC+, TCC2, or XTC card might reset automatically. This can occur at any time, but only rarely. This issue is resolved in Release 4.6, and maintenance releases 4.1.1 and 4.1.3.
Error messages indicating "Stuck Ucode" and "MDA_INTERNAL_ERROR" occur when routing 64-byte VLAN tagged frames at line rate. For VLANs, use bridging instead of routing. This issue is resolved in Release 4.0.
An STS-24C circuit with oversubscription (more than 1 GigE of traffic) can incur possible loss of some high priority packets (such as VoIP) when using an STS-24C POS circuit between ML-series cards. The input error count can be seen in "show int pos." To avoid this issue, limit total ring traffic to 1 Gbit, or upgrade to Maintenance release 4.1.4. This issue is resolved in Release 4.1.4.
When overloading ML-1000 with Gig rate 64 byte traffic in both directions over RPR, traffic in one direction might get only about 20% throughput. This occurs only during heavy oversubscription of the processing rate of the card, as described above, and only for specific traffic patterns over RPR, where RPR circuits are all created from POS 0 to POS 1, and all traffic has even-numbered MAC addresses at one end and odd-numbered MAC addresses at the other end. Generally, such heavy packets-per-second on a Gig link are not normal network behavior, and so this should not be a traffic affecting issue in a deployed network. This issue is resolved in Release 4.1.4.
Unicast traffic added to the RPR ring always load balances solely based on the source and destination MAC addresses; this might cause load-balancing issues when routers are connected to RPR. This issue is resolved in Release 4.1.4.
Under certain conditions, the transmitter of an ML-100 FastEthernet interface might stop transmitting. The interface receives traffic but does not transmit traffic, and transmit counts on the ML-100 FastEthernet interface do not increment. No alarms are raised. A card reset is required to restore traffic.
To prevent this issue, enable auto-negotiation and disable flow control on both ends of each FastEthernet link. Use the following ML-100 interface commands:
flowcontrol send off
If auto-negotiation is undesirable, the chance of the issue occurring can be reduced by disabling flow-control on the device at the other end of the ML-100 FastEthernet link.
This issue is resolved in Release 4.6 and maintenance Release 4.1.3.
If you configure Fast EtherChannel and POS-channel in the same bridge group, during system boot, the Fast EtherChannel or POS-channel configuration may be lost and following error message displayed:
Interface FastEthernet1 is attempting to join Port-channel1. But Port-channel1 belongs to bridge-group 1 which has another FE(C) member in it. FEC + FE(C) is not allowed in the same bridge group. Please change your configuration and retry.
This issue is resolved in Release 4.1.
During an upgrade, all ML-series cards are reset at the same time. This can result in a lengthy disruption to local traffic. This issue will be resolved in a future release, in which the upgrade will be altered to reset ML cards one at a time, so that L2/L3 protection can be used to minimize loss of local add/drop traffic during node upgrade. This issue is resolved in Release 4.1.
To avoid possible ML-series card resets when adding interfaces to a bridge group, always configure the Spanning-Tree Protocol for the bridge group (using the bridge number protocol command) before performing any other configuration on the bridge group.
If you want to use a bridge group that does not run the Spanning-Tree Protocol, you must first configure the bridge group with the Spanning-Tree Protocol, and then disable the Spanning-Tree Protocol for that bridge group on every interface where it is used (using the bridge-group number spanning-disabled interface configuration command). This issue is resolved in Release 4.1.
G Series Cards
A G1-K traffic loss can occur on a software upgrade from Release 4.0, 4.1, or 4.5 to a later software release in an ONS 15454 node with XC or XCVT cards installed. This issue does not occur if the equipment has XC10G cards installed. This issue is resolved in Release 4.6 and maintenance Release 4.1.3
When a G-series card is used in transponder mode the severity of reported alarms is incorrect in some cases. When using transponder mode on G-series cards, if alarm severity is an issue, use the alarm profile editor to set the severity to the desired values. This issue is resolved in Release 4.6 and maintenance Release 4.1.3.
An Ethernet traffic hit of 500-600 ms may occur when upgrading to Release 4.1 from a prior release. This can occur if active traffic is running on a G1000-4, G1K-4 or G1000-2 card when upgrading the node to Release 4.1. The hit will occur only the first time that you upgrade to Release 4.1. On subsequent downgrades followed by upgrades there will be no traffic hit and the upgrade will be errorless. There is no workaround; however the issue will not occur when upgrading from Release 4.1 to a later release. This issue is resolved in Releases 4.1.3 and 4.6.
Maintenance and Administration
If a host on the same Ethernet as a given NE sends ARP requests to the NE, with a source address that is in a restricted address range (see below), the NE might reboot and other cards in the shelf reset. The NE might become unmanageable under these circumstances. The NE will install an ARP entry for the illegal IP address, with the MAC supplied in the ARP request, thereby misrouting important addresses.
Restricted addresses are those in the loopback network, 127.0.0.0/8, in the multicast networks, 220.127.116.11/4, and in the cell bus network, 192.168.100.0/24.
The workaround is to ensure that no legitimate hosts have addresses in the illegal networks, and that no compromised hosts that might generate ARP attacks are on the Ethernet. This issue is resolved in Releases 4.0.3, 4.6.2, 4.1.5, and 5.0.
If you have DS3 cards and you try to manually create a fully-protected STS circuit in CTC using a 1+1 link as a part of the path protection spans, circuit creation is rejected. This issue is resolved in Release 4.1.7.
In Releases 4.1.4 and 2.3.5, when TCC-B is the active shelf controller card, the NE will not send SNMP traps to the provisioned trap destinations. When TCC-A is the active shelf controller card, SNMP traps will be sent. This only occurs in software Releases 2.3.5 and 4.1.4. To work around this issue, make TCC-A the active shelf controller card. This issue is resolved in all releases other than Releases 4.1.4 and 2.3.5.
Transmission Control Protocol Specification
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection might be automatically reestablished. In other cases, a user must repeat the action (for example, open a new Telnet or SSH session). Depending on the attacked protocol, a successful attack might have consequences beyond terminated connection that also must be considered. This attack vector is only applicable to those sessions that terminate on a device (such as a router, switch, or computer) and not to those sessions that only pass through the device (for example, transit traffic that is being routed by a router). Also, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products that contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and describes the vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes the vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
This issue is resolved in Releases 2.3.5, 4.1.4 and 4.6.2.
After modifying the IP address of a node to an address that is included in the 192.168.190.x range, cards in the shelf reboot. This issue is present in all major and minor releases through 4.1 and 4.5. To avoid this issue, do not provision static routes with a destination address in the subnet range 192.168.190.x, and avoid overlap between IP addresses in the network and the internal subnet range 192.168.190.x. If the issue does occur, reset your TCCs. This issue is resolved in Release 4.6 and in maintenance Release 4.1.4.
VT level alarms fail to clear after traffic has recovered from an error. This can happen when you configure a VT 1.5 circuit terminating on a DS1 card, then inject UNEQ-V to the terminating node, wait for the UNEQ-V alarm to be raised, then terminate the UNEQ-V signal and restore normal traffic. This issue does not occur on intermediate nodes of the circuit. The UNEQ-V alarm can be cleared using a TCC side switch. This issue is resolved in Release 4.1.3.
With multiple unnamed circuits (circuit name listed as "Unknown") on a node, where at least one is a path protection circuit, a cross-connect from one of these unnamed circuits will incorrectly appear on the Circuit Edit > Path Protection Selectors, and Circuit Edit > Path Protection Switch Counts tabs of the other unnamed circuits. Also, the State tab will show paths in the wrong column (for example, both source and destination in the CRS End B column).
This issue can manifest anytime you create multiple unnamed circuits (via TL1 or from CTC using the TL1-like option) on a node, where at least one is a path protection circuit. This issue is resolved in Release 4.6 and maintenance Releases 4.1.1 and 4.1.3.
The High Temperature Alarm is raised at 50 degrees Celsius. This is not appropriate on an Itemp rated system, which can handle up to 65 degrees Celsius. The alarm can be downgraded or suppressed to work around the issue, but then no temperature alarm at all is provided. Cisco TAC is providing a method of retrieving the temperature from the node that enables you to periodically monitor temperature related problems. This issue is resolved in Release 4.6 and in maintenance Release 4.1.3.
When provisioning a circuit as OOS, path level PM collecting is not disabled. To work around this issue, deselect the IPPM for the path. This issue is resolved in Releases 4.1.3 and 4.6.
When provisioning a circuit as OOS, path level PM collecting is not disabled. To work around this issue, deselect the IPPM for the path. This issue is resolved in Releases 4.1.3 and 4.6.
Occasionally, after both power sources are removed and plugged in with one power source (Battery A), the node reboots but does not raise PWR-B alarms. To correct this, remove PWR-B and plug it back. This issue is resolved in Releases 4.6 and 4.1.3.
After addition and deletion of a static route that overlaps with the internal IP addresses range, all cards in the shelf reboot. This can also happen after the node learns a similar route through OSPF or RIP updates. This issue is present in all releases through 4.1 and 4.5. To avoid this issue, do not provision static routes with a destination address in the subnet range 192.168.190.x, and avoid overlap between IP addresses in the network and the internal subnet range 192.168.190.x. If the issue does occur, reset your TCCs. This issue is resolved in Release 4.6 and in maintenance Release 4.1.3.
UNEQ-V alarms are incorrectly raised prior to connecting a TAP to a TACC, and also after disconnecting the TAP from the TACC. This issue is resolved in Releases 4.1.1, 4.1.3, and 4.6.
Rarely, there is a delay in CTC before the correct card status is displayed after a protection switch. When a manual or forced switch is made to a protection type, the protection switch occurs immediately, but the card status might take a while approximately 2 minutes to show up under rare circumstances. If a switch is not reflected right away, wait for the status change to occur. This issue is resolved in Release 4.1.
VT Cross-connects downstream from a DS1 can automatically transition from the OOS-AINS state to the IS state even though the DS1 signal is not clean (for example, when there is an LOS present). This can occur when you have created a VT circuit across multiple nodes with DS1s at each end, and you have not yet applied a signal to the DS1 ports, and then you place the DS1 ports in OOS-AINS, OOS-MT, or IS. When you then place the circuit in OOS-AINS, the circuit state changes to IS (within one minute). This issue is resolved in Release 4.1.
IPPM counts for PCA (extra) traffic will not be displayed in CTC if a BLSR ring-switches back to working after a failure recovery. To work around this issue, lockout the ring by issuing a LockoutOfProtection (LK-S) user command on both east and west on all the nodes in the ring. Reboot the OCn card that is not showing PCA path level counts. This procedure needs to be done whenever there is a switch in BLSR configuration. This issue is resolved in Releases 4.1.3 and 4.6.
Issuing an LK-S in one direction while a ring switch (SF-R) is active on the other direction may result in a failure to restore PCA circuits on the ring.
To see this issue, on a node participating in a two fiber BLSR with PCA circuits terminating at the node over the two fiber BLSR, cause an SF-R by failing the receive fiber in one direction (say, west). Then, issue an LK-S in the other direction (in our example, east). Since the LK-S has higher priority than the SF-R, the ring switch should clear and PCA traffic should be restored on spans without a fiber fault. The ring switch does clear, but PCA traffic does not restore. To correct this issue, clear the fiber fault. All traffic restores properly. This issue is resolved in Release 4.1.
If you have PCA circuits over two-fiber or four-fiber BLSR protect channels, an incorrect auto-inservice transition occurs after traffic preemption. You may place the circuit back into the OOS-AINS state after the BLSR has returned to the unswitched mode, using the Circuit Editing pane of the CTC. This issue is resolved in Release 4.1.
In Release 4.1.8, if you run a TL1 script every 2 minutes that logs in (ACT-USER) and retrieves alarms, with nothing much else going on with the nodes, every few days the TCC+ card resets. Specifically, ATAG overflow for report security events causes the reset. To avoid this issue, instead of logging in for every run of the script, log in once, keep a single session going, and just retrive alarms every 2 minutes. This issue is resolved in maintenance Release 18.104.22.168.
If the TL1 craft port is disconnected while a retrieve level user (or a user with no timeout) is logged in, and there is a currently active CTC session, then the active TCC will reset. To avoid this, log the craft access user out before disconnecting the TL1 craft port. This issue is resolved in Release 4.6 and in maintenance Release 4.1.4.
The TL1 "COPY-RFILE" command fails when executed on an ENE through an ONS 15454 GNE. This issue occurs when a Checkpoint firewall is between the FTP server and the GNE. The 'COPY-RFILE' will work properly when executed on the GNE but fails when executed on the ENE with an ONS 15454 GNE. The workaround is to stop FTP protocol monitoring on the
Checkpoint firewall when the FTP client is a GNE and the FTP server is the COPY-RFILE server. This issue is resolved in Release 4.1.4.
In a TL1 GNE/ENE configuration where user does not log in (that is, where the user fails to issue an ACT-USER to the GNE Node), a TCC might reset and/or some lower priority tasks might become "CPU starved," resulting in one or all of the following consequences:
•TL1 Autonomous messages (alarms, events, and report database changes) not generated or processed
•LCD display not updated
To avoid this issue, be sure to log in via TL1 to the GNE node. This issue is resolved in Releases 4.0.2, 4.1.1, 4.1.4, and 4.6. It is not resolved in Releases 4.1.2 or 4.1.3.
Release 4.1 and 4.5 TL1 cannot display/retrieve/delete a DS3Xm VT Non-STS-1 cross-connection/circuit. This applies to ONS 15454s with DS3XM VT cross-connection provisioning via TL1, on any STS or port other than STS-1 or PORT-1, and with the AID format of:
The cross-connection is provisioned as expected; however, the connection STS number in the TL1 VT AID format is always shown as "1" for the RTRV-CRS::ALL command and RTRV-CRS-VT1 with the AID used in the creation command (the non-one STS).
This issue has an impact on any DS3Xm VT connection deletion via TL1 where the STS number is not actually 1. The displayed VT1 AID cannot be used to retrieve the connection, and also cannot be used to delete the created connection. Also, the VT alarms/events/conditions on such a DS3XM VT circuit/connection will have the same AID issue: the StsNumber in the AID is always 1.
To work around this issue, delete the TL1-created DS3XM VT non-STS-1 cross-connection using the provisioned DS3XM VT AID (non-STS-1) or using CTC. There is no workaround for the alarm/event reporting for the non-STS-1 DS3XM VT circuit in the impacted releases (4.1 and 4.5). This issue is resolved in Release 4.6 and in maintenance Release 4.1.3.
The default state, when no PST or SST inputs are given for The TL1 command, RMV-<MOD2_IO>, is OOS instead of OOS-MT. Thus, if you issue a RMV statement, followed by maintenance-state-only commands, such as OPR-LPBK, the maintenance state commands will not work, since the port will be in the out-of-service state (OOS), instead of the out-of-service maintenance state (OOS-MT). To work around this issue, place ports in the OOS-MT state, by specifying the primary state as OOS and a secondary state of MT in either the RMV-<MOD2_IO> command or the ED-<MOD2_IO> command.
Scripts that depend on the RMV-<MOD2_IO> command defaulting to OOS-MT without specifying the primary and secondary states should be updated to force the primary and secondary state inputs to be populated. This issue is resolved in Release 4.1.
The TL1 command, INH-USER-SECU, does not disable the userid appropriately. The command should disable the userid until the corresponding ALW-USER-SECU command is issued; however, the userid is automatically re-enabled after the user lock-out period expires. The user lockout period is set from the CTC. This issue is resolved in Release 4.1.
New Features and Functionality
This section highlights new features and functionality for Release 4.1.x. For detailed documentation of each of these features, consult the user documentation.
New in Release 4.1.7 Only
Path Protection Over 1+1
Release 4.1.7 supports path protection circuits over 1+1 links. To support path protection over 1+1 connections a node level NE default, NODE.circuits.upsr.AllowUpsrOverOnePlusOne, is added. CTC supports "Path Protection over 1+1" circuits for nodes that have this NE-default set to TRUE.
Note The value of the NODE.circuits.upsr.AllowUpsrOverOnePlusOne NE default after a software upgrade is FALSE. To enable path protection over 1+1 you must set this default to TRUE in the Defaults editor window. To edit NE defaults refer to the "NTP-A164 Edit Network Element Defaults" procedure in the Cisco ONS 15454 Release 4.1 Network Element Defaults document.
Note For path protection over 1+1 circuits double fault scenarios are not supported. If both the path protection and 1+1 are switched, traffic can be lost. To allow path protection functionality the 1+1 must be placed in "Forced to Working" state. The path protection selector can only be switched manually. To allow 1+1 functionality, the path protection selector must be in "Forced to working" state. In other words, at all times one of the selectors (path protection or 1+1) must be in the "Forced to Working" state to operate without traffic loss in this mode.
New Software Features and Functionality
DS3i-N-12 Card Support for SONET Platforms
Release 4.1.3 adds SONET support for the DS3i-N-12 card, as specified herein. For DS3i-N-12 card features and specifications, refer to the Cisco ONS 15454 SDH Reference Manual, R4.1.x and R4.5.
Compatibility and Interoperability
The DS3i-N-12 card is not compatible with the DS3 or the DS3E card. There is no in-service upgrade path from DS3 or DS3E to DS3i-N-12. Plugging a DS3i-N-12 card into a slot provisioned for DS3 will result in an MEA. Plugging a DS3 card into a slot provisioned for DS3i-N-12 will result in an MEA.
The DS3i-N-12 card operates with either the XC10G or the XCVT card. Future cross connect cards will be supported as they become available.
The DS3i-N-12 card operates with either the TCC+ or the TCC2 as the shelf controller as long as the particular type of TCC card is supported with the particular software release. Future shelf controller cards will be supported as they become available.
Caution Plugging a DS3i-N-12 card into a SONET chassis running a 4.0 or later software release that does not support the DS3i-N-12 will result in an MEA. On software releases prior to 4.0, the DS3i-N-12 card will continuously reboot without raising any alarm.
The following guidelines apply for circuit provisioning with the DS3i-N-12 card.
•A circuit from a DS3i-N-12 port to a DS3 port cannot be provisioned.
•A circuit from a DS3i-N-12 port on an ONS 15454 (SONET) node to a DS3i-N-12 port on another ONS 15454 node can be made.
•A circuit from a DS3i-N-12 port on an ONS 15454 (SONET) node to a DS3i-N-12 port on an ONS 15454 SDH node can be made, but there will be no end-to-end provisioning. The circuit must be provisioned in a two part process: The DS3i-N-12 to optical card is provisioned on the SONET side and the DS3i-N-12 to the corresponding SDH optical card is provisioned.
•You are only allowed to create STS3C circuits from/to the DS3i-N-12 card.
•There can only be four independent STS3C circuits provisioned from/to the DS3i-N-12 card.
•The ports used in each of the STS3C circuits are 1, 2, and 3; 4, 5, and 6; 7, 8, and 9; 10, 11, and 12.
•Each port on the DS3i-N-12 card can be provisioned independently in or out of service, but if less than three ports are used, the extra bandwidth is underutilized, because the STS3C will still be provisioned across the span cards.
•You cannot add or drop individual DS3 circuits out of the STS3C on intermediate nodes. To maximize bandwidth utilization, you must fill the STS3C at the circuit endpoints on the DS3i-N-12 cards by using the three contiguous DS3i-N-12 ports allocated to the particular STS3C.
Note When provisioning circuits in SDH to interoperate with SONET DS3i-N-12, you must create a VC4 containing VC3s as a payload in the exact order in which they will attach to port groups on the SONET side.
Protection Group Support
For SONET nodes, the DS3i-N-12 card supports 1:1 and 1:N where 1 <= N <= 5. Any DS3i-N-12 card can function as a protect card in a 1:N protection group. The working and protect slots follow the convention for other 1:1 and 1:N electrical protection groups.
For 1:1 protection:
•Slot 1 protects Slot 2
•Slot 3 protects Slot 4
•Slot 5 protects Slot 6
•Slot 13 protects Slot 12
•Slot 15 protects Slot 14
•Slot 17 protects Slot 16
For 1:N protection, the protect Slot 3 can protect Slots 1, 2, 4, 5, and 6; and protect Slot 15 can protect Slots 12, 13, 14, 16, and 17.
Mixed protection groups between DS3 and DS3i-N-12 cards are not supported.
Protection switching for 1:1 and 1:N meets required 60 ms switch times.
Switch times for XCVT or XC10G side switches meet required 60 ms switch times.
The current equipment protection behavior of switch, lock on, and lock out are supported.
Performance Monitoring Support
Releases 4.1.3 and 4.1.4 support the following performance monitoring functions related to the DS3i-N-12.
•Enhanced DS3 PMs for C-bit and M13 framing mode are supported (similar to the DS3E cards).
•Automatic DS3 frame format detection is supported (similar to the DS3E card).
•Path level PMs are supported at the STS level similar to the current DS3 cards.
•Intermediate optical cards only support monitoring path level PMs on the STS3C circuit.
•Far end path PMs are supported at the STS level similar to the current DS3 cards.
Note The default DS3i-N-12 framing type (provisionable from the Maintenance > Provisioning tab) matches the default for SDH (in other words, it is C-bit).
Note The DS3i-N-12 does not have the latest C-bit detection capability released in the Release 4.1 time frame for the DS3E card.
SD/SF BER calculation is performed at the DS3 line level (similar to the DS3 cards). SD/SF alarming occurs if the BER exceeds the provisioned SD, or SF thresholds, respectively. The SF alarm suppresses the reporting of the SD alarm.
The DS3i-N-12 card supports the standard DS3 alarms, LOS and LOF.
Path Trace Support
The DS3i-N-12 card supports setting and reading of a 16 or 64 byte J1 path trace string.
Intermediate monitoring of the J1 path trace by the optical cards is not supported.
On a path trace mismatch, the TIM-P alarm is raised.
Generation of AIS on TIM-P is user-provisionable as "on" or "off."
Software Upgrade Support
Software upgrades are errorless for TCC2/XC10G systems.
Note If there is a DS3i-N-12 protection group, the protect card must be in the standby state before the software activation process.
As of Release 4.1.3 the column "Path Width" has been added to Alarms, Conditions and History panes. The Path Width column provides the width of the STS path on which the alarm is raised or cleared, in units of STS (how many STSs wide the path is). The path width only applies to the "STS-" alarmable object type. For any non-STS object, the column remains blank.
CTC also supports the following functionality for the DS3i-N-12 card as of Release 4.1.3.
•Preprovisioning of a slot for DS3i-N-12
•Creating a 1:1 or 1:N protection group with DS3i-N-12, enforcing the limitations specified under the protection section
•Maintenance mode operations (loopbacks, protection switching, ports in and out of service, etc.)
•Shelf view and the card view display of a DS3i-N-12 card
•NE defaults for the DS3i-N-12 card on the SONET platform that match the defaults available on the SDH platform
TL1 supports the DS3i-N-12 card for the following commands.
•ENT-EQPT, to provision the DS3i-N-12 card.
•RTRV-EQPT, to retrieve the DS3i-N-12 card parameters.
•ENT-CRS-STS, for circuit creation.
•ED-T3, to provision the ports of the DS3i-N-12 card.
•ED-EQPT, to ensure protection group creation rules for the DS3i-N-12 card.
•RTRV-PM-STS, for PM retrieval at the Path level.
•RTRV-PM-T3, for PM retrieval at the Line level.
•RTRV-ALM, to ensure alarms are being retrieved correctly.
•RTRV-STS, for setting and retrieving the Path trace strings.
ML-Series Resilient Packet Ring
RPR (Resilient Packet Ring) is a new protocol available on the ML-Series cards enabling you to use SONET bandwidth more efficiently, with 50 ms recovery times.
Basic Feature Description
RPR for the ML-Series line cards provides a set of enhancements to the performance of any such card running the Release 4.1.x. These improvements include:
RPR for the ML-Series line cards allows new deployment applications for all cards running Release 4.1.x. These improvements include:
•Better SONET bandwidth utilization compared to an STP controlled ring topology.
•Non-SONET fail-over mechanism with sub 50-millisecond convergence for fiber cuts, restores, node failures and inserting new nodes.
•Ability to perform ML-Series QOS (quality of service) features on all SONET traffic (pass-through, drop, and add).
•No hardware changes: Only requires ONS 15454 Release 4.1.x, which includes the new IOS configuration.
•Increased number of supportable VLANs and MAC addresses on the ring.
•A scalable, inter-ring protection mechanism for increased network resiliency.
•The addition of RPR does not remove any Release 4.0 functionality. RPR features are enabled via a new set of configuration commands.
For further details of RPR uses and features, consult the user documentation for Release 4.1.x.
Open Ended Path Protection
In previous releases, you could create an end-to-end path protection circuit on any Cisco ONS 15XXX network using A-Z provisioning of CTC/CTM. This feature requires you to specify one source node and one destination node of a path protection circuit. CTC/CTM requires these nodes to be part of the network that is discovered by CTC/CTM.
With Release 4.1.x you can create an open ended path protection circuit in addition to a regular path protection. An open ended path protection circuit is a partial path protection circuit. This feature helps you create end-to-end path protection circuits where a part of the given path protection circuit is on a Cisco 15XXX network, while the other part of the circuit is on another vendor's equipment. The circuit may consist of one source point and two end points. There are two paths from the source; one path is from the source to one end point and the other path is from the source to the other end point. The source has a bridge that sends the traffic on both paths. The end points do not have any selectors and may hand off the traffic to another vendor's equipment. For bidirectional circuits, the source also contains a selector for the reverse traffic from end points to source. Alternatively, open ended path protection can be used to create a circuit with two sources and one destination. In the unidirectional case, the destination node has a selector, and the source nodes have one-way connections.
The NE defaults pane user interface is changed in Release 4.1.x as follows:
•The NE defaults pane now has a highlighted title at the top of the pane, indicating the last action taken by the user.
•If you import or export a file, the title shows the file name and the time of the action.
•If you load or apply a file to the node, the changes and the time of the action will be displayed.
As of Release 4.1.x, The following user privileges have changed:
•A Maintenance level user can back up the database and transfer a software package to the node.
•A Provisioning level user can delete and reset cards.
Protect Threshold Crossing Alarms
As of Release 4.1.x, BLSR/MS-SPR and path protection/SNCP protect thresholds at both the card and port level are inherited from the working card/port.
To be compatible with certain legacy deployments, the DS3-12E card C bit detection algorithm has changed conjunction with Release 4.1.x through an FPGA change in the DS3-12E modules.
Gigabit Ethernet Transponder
The Gigabit Ethernet Transponder is a software enhancement to existing G-series Ethernet cards that allows these cards to support transponder functionality.
The following features support Gigabit Ethernet Transponder functionality for Release 4.1.x.
Note In this section, unless otherwise mentioned, all items apply equally to both G1000-4 cards and G1K-4 cards. Some capabilities also apply to G1000-2 cards.
Note This applies only to the ONS 15454-based G-series cards (G1000-4 and G1K-4).
CWDM GBICs correspond to the eight wavelengths supported by the Cisco CWDM GBIC solution on the ONS 15454: CWDM-GBIC-1470, CWDM-GBIC-1490, CWDM-GBIC-1510, CWDM-GBIC-1530, CWDM-GBIC-1550, CWDM-GBIC-1550, CWDM-GBIC-1570, CWDM-GBIC-1590.
This applies only to the latest revision of the ONS 15454-based G-series cards (G1000-4 and G1K-4).
DWDM GBICs correspond to the 32 different ITU-100GHz wavelengths supported on the ONS 15454: 1530.33, 1531.12, 1531.90, 1532.68, 1534.25, 1535.04, 1535.82, 1536.61, 1538.19, 1538.98, 1539.77, 1540.56, 1542.14, 1542.94, 1543.73, 1544.53, 1546.12, 1546.92, 1547.72, 1548.51, 1550.12, 1550.92, 1551.72, 1552.52, 1554.13, 1554.94, 1555.75, 1556.55, 1558.17, 1558.98, 1559.79, and 1560.61. The ONS 15454 version DWDM GBICs are the only officially supported DWDM GBICs for the G-Series Ethernet cards. These GBICs have wideband reception capability and can receive with adequate sensitivity across the 1260-1620 nm range (refer to GBIC specs in the user documentation for details). This capability can be exploited in some of the transponder applications.
New GBICs are supported for only those vendors/brands that are officially certified for use on the ONS 15454.
GBIC inventorying functions are not currently supported. However, the type of GBIC plugged in and the wavelength used are displayed to CTC and TL1 users (as well as CTM users when CTM support is added).
Performance monitoring of optical parameters such as DWDM power levels per wavelength are not supported in Release 4.1.x.
The GBIC security feature is not supported in Release 4.1.x.
Three Transponder Modes of Operation
Release 4.1.x supports three transponder modes of operation:
Bidirectional 2-port transponder
Bidirectional 1-port transponder
Unidirectional 2-port transponder
This applies only to the ONS 15454-based G-series cards (G1000-4 and G1K-4). This feature also includes the ability of the cards to operate (when in transponder mode) independent of the cross connect cards and even operate without any cross connect cards in the shelf.
When at least one port is provisioned in a transponder mode, the entire card will be in transponder mode. When SONET/SDH circuits are provisioned on a card, the card is said to be in normal/SONET mode.
Hybrid mode of operation is not supported in Release 4.1.x. At any given time, a card can be either in transponder mode (with one or more ports being provisioned to provide transponder capabilities) or in normal SONET mode. A mixed or hybrid mode (in which only some ports are performing transponder functions while others are switching traffic into the SONET/SDH network) is not supported and you will be prevented from provisioning such a combination. In order to move a card from SONET mode to transponder mode you must first delete all SONET/SDH circuits terminating on the card, after which ports will become provisionable as transponders. Similarly you must first turn off transponder mode on all ports before a card can become eligible for SONET/SDH circuits again.
Facility Loopback is supported for Release 4.1.x transponder functionality.
This applies to all G-series cards (G1000-4 and G1K-4 on the ONS 15454 and G1000-2 on the ONS 15327).
Provisionable Flow Control Watermarks
Provisionable flow control watermarks are supported for Release 4.1.x. This capability enables the user to tune the flow control mechanism on the G-Series cards for some network applications.
This applies to all G-series cards (G1000-4 and G1K-4 on the ONS 15454 and G1000-2 on the ONS 15327).
The following alarms have changed as of Release 4.1.x.
SONET CRITICAL Alarms
LOC is added in Release 4.1.x.
SONET MAJOR Alarms
OTUK-IAE is dropped in Release 4.1.x.
PLM-V is added in Release 4.1.x.
SQUELCHED is MJ in Release 4.0 but changed to NA in Release 4.1.x.
FEC-MISM is added in Release 4.1.x.
SONET MINOR Alarms
OTUK-TIM is MN in Release 4.0 but changed to NA in Release 4.1.x.
SONET NA/NR Conditions
ERFI-P-CONN is added in Release 4.1.x.
ERFI-P-PAYLD is added in Release 4.1.x.
ERFI-P-SRVR is added in Release 4.1.x.
EXERCISE-RING-FAIL is added in Release 4.1.x.
EXERCISE-SPAN-FAIL is added in Release 4.1.x.
INTRUSION-PSWD is added in Release 4.1.x.
LPBKFACILITY (G-Series) is added in Release 4.1.x.
New TL1 Features
The following TL1 features are new for release 4.1.x. For detailed instructions on using TL1 commands, consult the TL1 Command Guide for Release 4.1.x.
The following commands were dropped from Release 4.0.
The following command was added in Release 4.1.x.
The following new support has been added for Release 4.1.x.
•Facility loopbacks on G1000 are supported in Release 4.1.x.
•Escaped double quotes (\")" was introduced in Release 4.1.x for Inner Strings (See Telcordia GR-831-CORE, Section 2.2.10) for GR compliance.
•In the command COPY-RFILE, DB backup and DB Download can be done by a MAINT user in Release 4.1.x (in addition to SUPERUSER).
•Negative MonLevels are accepted in Release 4.1.x.
•The command RTRV-COND-SYNCN can be used with the ALL AID to suppress conditions with the same root cause. This behavior is enhanced in Release 4.1.x to display all Synchronization related conditions.
•The ED-BITS and RTRV-BITS commands now support the AIDs SYNC-BITS1 and SYNC-BITS2 for setting and retrieving the BITS-OUT port state.
•The parameter VOATTN, in ED/RTRV-OCH, has a range of -40 to +30.
The following BLSR ringid alarms are changed in Release 4.1.x to report on the OCn port.
•BLSROSYNC, MN, NSA, "BLSR Out Of Sync"—Always reported against the East working OCn facility of the BLSR.
•APSCNMIS, MN, NSA, "Node Id Mismatch"—Always reported against the working OCn facility that detects the mismatch.
•RING-MISMATCH, MN, NSA, "Far End Of Fiber Is Provisioned With Different Ring ID"—Always reported against the East working OCn facility of the BLSR.
Command Request changes
In the following command requests, the Release 4.0 request syntax appears first, followed by the new Release 4.1.x syntax.
ED-G1000 In Release 4.0:
ED-G1000 In Release 4.1.x:
ED-T1 in Release 4.0:
ED-T1 in Release 4.1.x:
ED-T3 in Release 4.0:
ED-T3 in Release 4.1.x:
ED-EC1 in Release 4.0:
ED-EC1 in Release 4.1.x:
Command Response changes
In the following command responses, the Release 4.0 response syntax appears first, followed by the new Release 4.1.x syntax.
RTRV-USER-SECU response in Release 4.0:
RTRV-USER-SECU response in Release 4.1.x:
RTRV-G1000 response in Release 4.0:
RTRV-G1000 response in Release 4.1.x:
RTRV-T1 response in Release 4.0:
RTRV-T1 response in Release 4.1.x:
RTRV-T3 response in Release 4.0:
RTRV-T3 response in Release 4.1.x:
RTRV-OCH response in Release 4.0:
RTRV-OCH response in Release 4.1.x:
RTRV-CLNT response in Release 4.0:
RTRV-CLNT response in Release 4.1.x:
RTRV-OCN response in Release 4.0:
RTRV-OCN response in Release 4.1.x:
RTRV-EC1 response in Release 4.0:
RTRV-EC1 response in Release 4.1.x:
The following enum items have changed for Release 4.1.x.
ALS_RESTART enum items added to Release 4.1.x:
ALS_RESTART_AUTO => "AUTO-RESTART"
ALS_RESTART_MAN => "MAN-RESTART"
ALS_RESTART_MAN_TEST => "MAN-TEST-RESTART"
MOD2 enum items added to Release 4.1.x:
MOD2_M2_G1000 => "G1000"
OPTICS enum items dropped from Release 4.0:
OPTICS_OP_IR => "IR"
OPTICS_OP_LR => "LR"
OPTICS_OP_SR => "SR"
OPTICS_OP_VLR => "VLR"
OPTICS enum items added to Release 4.1.x:
OPTICS_OP_1000_BASE_CX => "1000_BASE_CX"
OPTICS_OP_CWDM_1470 => "CWDM_1470"
OPTICS_OP_CWDM_1490 => "CWDM_1490"
OPTICS_OP_CWDM_1510 => "CWDM_1510"
OPTICS_OP_CWDM_1530 => "CWDM_1530"
OPTICS_OP_CWDM_1550 => "CWDM_1550"
OPTICS_OP_CWDM_1570 => "CWDM_1570"
OPTICS_OP_CWDM_1590 => "CWDM_1590"
OPTICS_OP_CWDM_1610 => "CWDM_1610"
OPTICS_OP_ITU_100G_1530_33 => "ITU_100G_1530_33"
OPTICS_OP_ITU_100G_1531_12 => "ITU_100G_1531_12"
OPTICS_OP_ITU_100G_1531_90 => "ITU_100G_1531_90"
OPTICS_OP_ITU_100G_1532_68 => "ITU_100G_1532_68"
OPTICS_OP_ITU_100G_1534_25 => "ITU_100G_1534_25"
OPTICS_OP_ITU_100G_1535_04 => "ITU_100G_1535_04"
OPTICS_OP_ITU_100G_1535_82 => "ITU_100G_1535_82"
OPTICS_OP_ITU_100G_1536_61 => "ITU_100G_1536_61"
OPTICS_OP_ITU_100G_1538_19 => "ITU_100G_1538_19"
OPTICS_OP_ITU_100G_1538_98 => "ITU_100G_1538_98"
OPTICS_OP_ITU_100G_1539_77 => "ITU_100G_1539_77"
OPTICS_OP_ITU_100G_1540_56 => "ITU_100G_1540_56"
OPTICS_OP_ITU_100G_1542_14 => "ITU_100G_1542_14"
OPTICS_OP_ITU_100G_1542_94 => "ITU_100G_1542_94"
OPTICS_OP_ITU_100G_1543_73 => "ITU_100G_1543_73"
OPTICS_OP_ITU_100G_1544_53 => "ITU_100G_1544_53"
OPTICS_OP_ITU_100G_1546_12 => "ITU_100G_1546_12"
OPTICS_OP_ITU_100G_1546_92 => "ITU_100G_1546_92"
OPTICS_OP_ITU_100G_1547_72 => "ITU_100G_1547_72"
OPTICS_OP_ITU_100G_1548_51 => "ITU_100G_1548_51"
OPTICS_OP_ITU_100G_1550_12 => "ITU_100G_1550_12"
OPTICS_OP_ITU_100G_1550_92 => "ITU_100G_1550_92"
OPTICS_OP_ITU_100G_1551_72 => "ITU_100G_1551_72"
OPTICS_OP_ITU_100G_1552_52 => "ITU_100G_1552_52"
OPTICS_OP_ITU_100G_1554_13 => "ITU_100G_1554_13"
OPTICS_OP_ITU_100G_1554_94 => "ITU_100G_1554_94"
OPTICS_OP_ITU_100G_1555_75 => "ITU_100G_1555_75"
OPTICS_OP_ITU_100G_1556_55 => "ITU_100G_1556_55"
OPTICS_OP_ITU_100G_1558_17 => "ITU_100G_1558_17"
OPTICS_OP_ITU_100G_1558_98 => "ITU_100G_1558_98"
OPTICS_OP_ITU_100G_1559_79 => "ITU_100G_1559_79"
OPTICS_OP_ITU_100G_1560_61 => "ITU_100G_1560_61"
TRANS enum items added to Release 4.1.x:
TRANS_NONE => "NONE"
TRANS_ONE_PORT_BI => "ONE-PORT-BI"
TRANS_TWO_PORT_BI => "TWO-PORT-BI"
TRANS_TWO_PORT_RX_ONLY => "TWO-PORT-RX-ONLY"
TRANS_TWO_PORT_TX_ONLY => "TWO-PORT-TX-ONLY"
Alarms, Conditions, and Errors Changed in Release 4.1.x
The following conditions have been added for Release 4.1.x.
ERFI-P-CONN—Enhanced Remote Failure Indication, Path, Connectivity
ERFI-P-PAYLD—Enhanced Remote Failure Indication, Path, Payload
ERFI-P-SRVR—Enhanced Remote Failure Indication, Path, Server
The following error has changed for Release 4.1.x.
IDMS has changed from "Loopback Type Missing" to "Missing Internal Data."
•Release Notes for the Cisco ONS 15454, Release 4.1.8
•Release Notes for the Cisco ONS 15327, Release 22.214.171.124
•Cisco ONS 15454 Software Upgrade Guide, Release 4.1.x and 4.5
•Cisco ONS 15454 Procedure Guide, Release 4.1.x and 4.5
•Cisco ONS 15454 Reference Guide, Release 4.1.x and 4.5
•Cisco ONS 15454 Troubleshooting Guide, Release 4.1.x and 4.5
•Cisco ONS 15454 and Cisco ONS 15327 TL1 Command Guide, Release 4.1.x and 4.5
•Cisco ONS 15454 Product Overview, Release 4.1.x and 4.5
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
You can access the most current Cisco documentation at this URL:
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
Product Documentation DVD
The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:
Cisco Optical Networking Product Documentation CD-ROM
Optical networking-related documentation, including Cisco ONS 15xxx product documentation, is available in a CD-ROM package that ships with your product. The Optical Networking Product Documentation CD-ROM is updated periodically and may be more current than printed documentation.
Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at firstname.lastname@example.org or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
From this site, you will find information about how to:
•Report security vulnerabilities in Cisco products.
•Obtain assistance with security incidents that involve Cisco products.
•Register to receive security information from Cisco.
A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:
To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:
•For Emergencies only — email@example.com
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•For Nonemergencies — firstname.lastname@example.org
In an emergency, you can also reach PSIRT by telephone:
•1 877 228-7302
•1 408 525-6532
Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
The link on this page has the current PGP key ID in use.
If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:
•Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:
•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:
•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:
•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions. You can access iQ Magazine at this URL:
or view the digital edition at this URL:
•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:
•Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:
•Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:
•World-class networking training is available from Cisco. You can view current offerings at this URL:
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007 Cisco Systems, Inc. All rights reserved.